Bisaillon
Subject: [New Feature FS] SSL Offload Support for Cloudstack
Hi,
I have been working on adding SSL offload functionality to cloudstack
and make it work for Netscaler. I have an initial design documented
at
https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSL+Offloading+Support
and I
Chaturvedi
Subject: Re: [New Feature FS] SSL Offload Support for Cloudstack
Yes the work is complete. This is available via the API. I will resolve the
ticket.
Thanks,
-Syed
On Wed 15 Jan 2014 06:17:37 PM EST, Animesh Chaturvedi wrote:
> Syed
>
> I see the issue is not resolved and not tagged fo
fixVersion as 4.3
Animesh
-Original Message-
From: Syed Ahmed [mailto:sah...@cloudops.com]
Sent: Tuesday, October 08, 2013 11:14 AM
To: dev@cloudstack.apache.org
Cc: Sheng Liang; Manan Shah; Ian Rae; Will Stevens; Pierre-Luc Bisaillon
Subject: [New Feature FS] SSL Offload Support for
@cloudstack.apache.org
Cc: Sheng Liang; Manan Shah; Ian Rae; Will Stevens; Pierre-Luc Bisaillon
Subject: [New Feature FS] SSL Offload Support for Cloudstack
Hi,
I have been working on adding SSL offload functionality to cloudstack and make
it work for Netscaler. I have an initial design documented at
https
vember 06, 2013 8:26 AM
> To: dev@cloudstack.apache.org
> Cc: Murali Reddy; Darren Shepherd
> Subject: Re: [New Feature FS] SSL Offload Support for Cloudstack
>
> Hi All,
>
> Many thanks to Darren and Murali for reviewing my code. I feel that the
> code is in a good condi
Yes, the certificates are managed separately from the Netscaler on
cloudstack and get passed to the resource. Any other LB can implement
the termination feature and use the certificates.
On Wed 06 Nov 2013 12:36:26 PM EST, Marcus Sorensen wrote:
Just want to mention that if certificates are
Just want to mention that if certificates are managed, this would be
fairly simple to add to VPC routers as well. The haproxy loadbalancer
config would just need to be passed the cert and a slightly different
config. So hopefully it has been implemented in such a way that it's
easy to reuse for VPC
Hi All,
Many thanks to Darren and Murali for reviewing my code. I feel that the
code is in a good condition to be merged into the master. I see that
the code freeze is at the end of this week. Is it possible for my patch
to be merged by then? Is it a hard deadline?
Thanks,
-Syed
On Mon 04 N
Hi All,
I would like to get this code into 4.3. Is it possible for this to be
reviewed? Is there anything needed from my side? I would be glad to
provide more information.
Thanks,
-Syed
On Wed 30 Oct 2013 03:25:12 PM EDT, Syed Ahmed wrote:
Hi All,
I have the patch for adding SSL terminatio
Hi All,
I have the patch for adding SSL termination support at
https://reviews.apache.org/r/14976/ . It would be great if this can be
reviewed.
Thanks,
-Syed
On 13-10-15 03:01 AM, Murali Reddy wrote:
On 11/10/13 9:31 PM, "Syed Ahmed" wrote:
Thanks for your valuable feedback Murali. Here
Thanks Murali for your comments.
I have started implementing the API which consists of mostly
certificate management, which is adding/deleting and listing SSL certs.
I will implement the assign to loadbalancer and the resource specific
code later.
Is it possible to submit my patch in two par
On 11/10/13 9:31 PM, "Syed Ahmed" wrote:
>Thanks for your valuable feedback Murali. Here are my comments.
>
>> IMO,
>> its better we introduce new api's say
>> registerCertifcateToLoadbalancer/deregisterCertifcateToLoadbalancer than
>> force fit existing API's for associate/dis-associate certific
Thanks for your valuable feedback Murali. Here are my comments.
IMO,
its better we introduce new api's say
registerCertifcateToLoadbalancer/deregisterCertifcateToLoadbalancer than
force fit existing API's for associate/dis-associate certificates.
Personally, I was going to do it this way. But
On 09/10/13 8:08 PM, "Syed Ahmed" wrote:
>Thanks Murali for your response.
>
>> - any reason why you choose assignTo/RemoveFrom load balancer rule API's
>
>I thought this made more sense than create/updateLoadbalancerRule as
>we would have to call update to delete a cert which I find somewhat
>co
Thanks Murali for your response.
> - any reason why you choose assignTo/RemoveFrom load balancer rule API's
I thought this made more sense than create/updateLoadbalancerRule as
we would have to call update to delete a cert which I find somewhat
confusing. Also this is semantically similar to atta
t;>
>> Thanks
>> -Syed
>>
>>
>>
>> On Tue 08 Oct 2013 06:56:34 PM EDT, Edison Su wrote:
>>>
>>> There is command in ACS, UploadCustomCertificateCmd, which can receive ssl
>>> cert, key can chain as input. Maybe can share some code?
>
Thanks Syed for the FS.
Couple of comments:
- any reason why you choose assignTo/RemoveFrom load balancer rule API's
to assign/remove certificate to LB rules? These api's are basically for
controlling VM membership with a load balancer rule. Can
create/updateLoadBalancerRule api's b used for regi
hich can receive ssl
>> cert, key can chain as input. Maybe can share some code?
>>
>>> -Original Message-
>>> From: Darren Shepherd [mailto:darren.s.sheph...@gmail.com]
>>> Sent: Tuesday, October 08, 2013 1:54 PM
>>> To: dev@cloudstack.apache.o
, which can receive ssl
cert, key can chain as input. Maybe can share some code?
-Original Message-
From: Darren Shepherd [mailto:darren.s.sheph...@gmail.com]
Sent: Tuesday, October 08, 2013 1:54 PM
To: dev@cloudstack.apache.org
Subject: Re: [New Feature FS] SSL Offload Support for
k.apache.org
> Subject: Re: [New Feature FS] SSL Offload Support for Cloudstack
>
> The API should do input validation on the SSL cert, key and chain.
> Getting those three pieces of info is usually difficult for most people to get
> right as they don't really know what those th
BouncyCastle, its already in ACS. Off list I'll send you some sample
code on how to validate this stuff.
Darren
On Tue, Oct 8, 2013 at 1:58 PM, Syed Ahmed wrote:
> Thanks Darren for your reply.
>
> Do you happen to have any info on a library that I can use for certificate
> validation?
>
> Than
Thanks Darren for your reply.
Do you happen to have any info on a library that I can use for
certificate validation?
Thanks,
-Syed
On Tue 08 Oct 2013 04:53:40 PM EDT, Darren Shepherd wrote:
The API should do input validation on the SSL cert, key and chain.
Getting those three pieces of info
The API should do input validation on the SSL cert, key and chain.
Getting those three pieces of info is usually difficult for most
people to get right as they don't really know what those three things
are. There's about a 80% chance most calls will fail. If you rely on
the provider it will proba
A question about implementation. I was looking at other commands and
the execute() method for each of the other commands seem to call a
service ( _lbservice for example ) which takes care of updating the DB
and calling the resource layer. Should the Certificate management be
implemented as a se
Thanks for the feedback guys. Really appreciate it.
1) Changing the name to SSL Termination.
I don't have a problem with that. I was looking at Netscaler all the time
and they call it SSL offloading. But I agree that termination is a more
general term.
I have changed the name. The new page is a
On Tue, Oct 08, 2013 at 11:41:42AM -0700, Darren Shepherd wrote:
> Technicality here, can we call the functionality SSL termination?
> While technically we are "offloading" ssl from the VM, offloading
> typically carries a connotation that its being done in hardware. So
> we are really talking abo
Technicality here, can we call the functionality SSL termination?
While technically we are "offloading" ssl from the VM, offloading
typically carries a connotation that its being done in hardware. So
we are really talking about SSL termination.
Couple comments. I wouldn't want to assume anything
Hi,
I have been working on adding SSL offload functionality to cloudstack
and make it work for Netscaler. I have an initial design documented at
https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSL+Offloading+Support
and I would really love your feedback. The bug for this is
https://iss
28 matches
Mail list logo
