Juniper Openstack

LBAASv2 ssl support for liberty

  1. Series trunk
  2. Bug #1569033
Bug #1569033 reported by Rudra Rugge
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R3.0
Fix Committed
Critical
Rudra Rugge
Trunk
Fix Committed
Critical
Rudra Rugge

Bug Description

LBAASv2 ssl support for Openstack liberty

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/19220
Submitter: Rudra Rugge (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.0

Review in progress for https://review.opencontrail.org/19221
Submitter: Rudra Rugge (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/19221
Committed: http://github.org/Juniper/contrail-controller/commit/55fc68a61225af009b012b022fca55bffcda739e
Submitter: Zuul
Branch: R3.0

commit 55fc68a61225af009b012b022fca55bffcda739e
Author: Rudra Rugge <email address hidden>
Date: Mon Apr 11 13:27:02 2016 -0700

LBAASv2 SSL schema changes

Add fields for default tls certificate and sni
containers in listener schema.

Change-Id: I3d7ee1507a4e29577fb9b756f9d7b266a74adaf7
Partial-Bug: #1569033

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/19220
Committed: http://github.org/Juniper/contrail-controller/commit/638f5dcde2ae514ae67906804a6b7733eacf5a99
Submitter: Zuul
Branch: master

commit 638f5dcde2ae514ae67906804a6b7733eacf5a99
Author: Rudra Rugge <email address hidden>
Date: Mon Apr 11 13:27:02 2016 -0700

LBAASv2 SSL schema changes

Add fields for default tls certificate and sni
containers in listener schema.

Change-Id: I3d7ee1507a4e29577fb9b756f9d7b266a74adaf7
Partial-Bug: #1569033

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/19352
Submitter: Rudra Rugge (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.0

Review in progress for https://review.opencontrail.org/19353
Submitter: Rudra Rugge (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/19353
Committed: http://github.org/Juniper/contrail-controller/commit/89c7afacdd613a742a815aff56c6dc620c1a23f2
Submitter: Zuul
Branch: R3.0

commit 89c7afacdd613a742a815aff56c6dc620c1a23f2
Author: Rudra Rugge <email address hidden>
Date: Fri Apr 15 23:37:39 2016 -0700

LBAASv2 SSL schema changes

Add protocol TERMINATED_HTTPS for terminating HTTPS
at the VIP.

Change-Id: If0691dfea32fb08f691ca505a160f48df5fec4aa
Partial-Bug: #1569033

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/19352
Committed: http://github.org/Juniper/contrail-controller/commit/ff4661ac46e3aeb974f194a6b7fbd6ba6c4f763a
Submitter: Zuul
Branch: master

commit ff4661ac46e3aeb974f194a6b7fbd6ba6c4f763a
Author: Rudra Rugge <email address hidden>
Date: Fri Apr 15 23:37:39 2016 -0700

LBAASv2 SSL schema changes

Add protocol TERMINATED_HTTPS for terminating HTTPS
at the VIP.

Change-Id: If0691dfea32fb08f691ca505a160f48df5fec4aa
Partial-Bug: #1569033

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/19395
Submitter: Rudra Rugge (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.0

Review in progress for https://review.opencontrail.org/19396
Submitter: Rudra Rugge (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/19396
Committed: http://github.org/Juniper/contrail-controller/commit/2078559856d6537ec1e2af07e727424ccd1fc6ab
Submitter: Zuul
Branch: R3.0

commit 2078559856d6537ec1e2af07e727424ccd1fc6ab
Author: Rudra Rugge <email address hidden>
Date: Mon Apr 18 09:48:03 2016 -0700

SSL parameter setting in haproxy

Pass SSL parameters to haproxy.

Change-Id: I9b9c9da9e6ef473ac9db617aaa86e38decd77c3b
Partial-Bug: #1569033

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/19394
Committed: http://github.org/Juniper/contrail-neutron-plugin/commit/4181cf6a2d1361c4fb5ec865c0f1d999f5429bac
Submitter: Zuul
Branch: R3.0

commit 4181cf6a2d1361c4fb5ec865c0f1d999f5429bac
Author: Rudra Rugge <email address hidden>
Date: Mon Apr 18 09:37:20 2016 -0700

Neutron changes for SSL

Pass SSL parameters from neutron to contrail.

Change-Id: I71220360d4814a1bdd5c9e07eeeb9523ddf11def
Partial-Bug: #1569033

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/19393
Committed: http://github.org/Juniper/contrail-neutron-plugin/commit/3e5937e19be679fd9392f2aa4904a77b0ef5b7dd
Submitter: Zuul
Branch: master

commit 3e5937e19be679fd9392f2aa4904a77b0ef5b7dd
Author: Rudra Rugge <email address hidden>
Date: Mon Apr 18 09:37:20 2016 -0700

Neutron changes for SSL

Pass SSL parameters from neutron to contrail.

Change-Id: I71220360d4814a1bdd5c9e07eeeb9523ddf11def
Partial-Bug: #1569033

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/19395
Committed: http://github.org/Juniper/contrail-controller/commit/4afabf4cb4eb11f97334e3ef35af04e70bf354d7
Submitter: Zuul
Branch: master

commit 4afabf4cb4eb11f97334e3ef35af04e70bf354d7
Author: Rudra Rugge <email address hidden>
Date: Mon Apr 18 09:48:03 2016 -0700

SSL parameter setting in haproxy

Pass SSL parameters to haproxy.

Change-Id: I9b9c9da9e6ef473ac9db617aaa86e38decd77c3b
Partial-Bug: #1569033

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.0

Review in progress for https://review.opencontrail.org/19711
Submitter: Yuvaraja Mariappan

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/19711
Committed: http://github.org/Juniper/contrail-controller/commit/7e90c69fea05ed56380437a1b68eadbe678aabd1
Submitter: Zuul
Branch: R3.0

commit 7e90c69fea05ed56380437a1b68eadbe678aabd1
Author: Yuvaraja Mariappan <email address hidden>
Date: Thu Apr 28 16:28:41 2016 -0700

SSL parameter setting in haproxy

1. Added barbican certificate manager to get the certificates
2. Added changes in netns to update the haproxy ssl config
3. On Failure netns, haproxy directory will be deleted and
existing running haproxy will be killed

Change-Id: If9606d68c36402d363e559b8028d118067216f09
Partial-Bug: 1569033

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/19775
Submitter: Yuvaraja Mariappan

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/19775
Committed: http://github.org/Juniper/contrail-controller/commit/04986c50b4a5b5700e9a9cbed19ecd7d9e241571
Submitter: Zuul
Branch: master

commit 04986c50b4a5b5700e9a9cbed19ecd7d9e241571
Author: Yuvaraja Mariappan <email address hidden>
Date: Thu Apr 28 16:28:41 2016 -0700

SSL parameter setting in haproxy

1. Added barbican certificate manager to get the certificates
2. Added changes in netns to update the haproxy ssl config
3. On Failure netns, haproxy directory will be deleted and
existing running haproxy will be killed

Change-Id: If9606d68c36402d363e559b8028d118067216f09
Partial-Bug: 1569033

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.0

Review in progress for https://review.opencontrail.org/19877
Submitter: Yuvaraja Mariappan

Jeba Paulaiyan (jebap)
information type: Proprietary → Public
tags: added: blocker
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/19900
Submitter: Yuvaraja Mariappan

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/19877
Committed: http://github.org/Juniper/contrail-controller/commit/bcc5a397f39d510834e1b9bcedf56492d98f8210
Submitter: Zuul
Branch: R3.0

commit bcc5a397f39d510834e1b9bcedf56492d98f8210
Author: Yuvaraja Mariappan <email address hidden>
Date: Tue May 3 19:00:22 2016 -0700

SSL parameter setting in haproxy

1. Handled Certificate Fetch Error.
2. Handled Private-Key Fetch Error.
3. Added General exception handler in haproxy config
creation path and haproxy process start/stop path
4. Added code to fetch admin_tenant_name from
contrail-barbican-auth.conf

Change-Id: I32cafe5b7121381a8cf735b2b569c51a4260036c
Partial-Bug: 1569033

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.0

Review in progress for https://review.opencontrail.org/19975
Submitter: Yuvaraja Mariappan

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/19900
Committed: http://github.org/Juniper/contrail-controller/commit/8b2be5a891d50b5ffeaee2e3840e08ee8d10256f
Submitter: Zuul
Branch: master

commit 8b2be5a891d50b5ffeaee2e3840e08ee8d10256f
Author: Yuvaraja Mariappan <email address hidden>
Date: Tue May 3 19:00:22 2016 -0700

SSL parameter setting in haproxy

1. Handled Certificate Fetch Error.
2. Handled Private-Key Fetch Error.
3. Added General exception handler in haproxy config
creation path and haproxy process start/stop path
4. Added code to fetch admin_tenant_name from
contrail-barbican-auth.conf

Change-Id: I32cafe5b7121381a8cf735b2b569c51a4260036c
Partial-Bug: 1569033

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/19984
Submitter: Yuvaraja Mariappan

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/19975
Committed: http://github.org/Juniper/contrail-controller/commit/e7c2fcbd8fc78835ebc55859bf63f7d5896eec07
Submitter: Zuul
Branch: R3.0

commit e7c2fcbd8fc78835ebc55859bf63f7d5896eec07
Author: Yuvaraja Mariappan <email address hidden>
Date: Fri May 6 15:29:43 2016 -0700

SSL parameter setting in haproxy

1. fixed haproxy launch issue when /etc/contrail/contrail-barbican-auth.conf
is not present for not https protocol
2. Added custom log levels to log Starting/Stopping/Updating
haproxy process

Change-Id: Id3fa720fbc663d05967988612698fa6063e126ef
Partial-Bug: 1569033

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/19984
Committed: http://github.org/Juniper/contrail-controller/commit/72348304b14047452726e6940f452bfd2e45ac60
Submitter: Zuul
Branch: master

commit 72348304b14047452726e6940f452bfd2e45ac60
Author: Yuvaraja Mariappan <email address hidden>
Date: Fri May 6 15:29:43 2016 -0700

SSL parameter setting in haproxy

1. fixed haproxy launch issue when /etc/contrail/contrail-barbican-auth.conf
is not present for not https protocol
2. Added custom log levels to log Starting/Stopping/Updating
haproxy process

Change-Id: Id3fa720fbc663d05967988612698fa6063e126ef
Partial-Bug: 1569033

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.0

Review in progress for https://review.opencontrail.org/20068
Submitter: Yuvaraja Mariappan

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/20077
Submitter: Yuvaraja Mariappan

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/20077
Committed: http://github.org/Juniper/contrail-controller/commit/e32b08daad7006a3e77d413bdda25e58cf30fade
Submitter: Zuul
Branch: master

commit e32b08daad7006a3e77d413bdda25e58cf30fade
Author: Yuvaraja Mariappan <email address hidden>
Date: Tue May 10 12:33:32 2016 -0700

SSL parameter setting in haproxy

1. barbican import error is fixed for juno and kilo releases
2. lbaas version would be passed as keyvaluepair to agent from
svc-monitor
3. haproxy_ssl_cert_path for v1 would be fetched from
/etc/contrail/contrail-vrouter-agent.conf
4. authentication credentials for v2 would be fetched from
/etc/contrail/contrail-lbaas-auth.conf
5. auth_version is taken from auth_url for v2 certificate fetch
6. haproxy start/update/stop msgs would be logged in
/var/log/contrail/contrail-lbaas-haproxy-stdout.log

Change-Id: I20fabff381b0b8fa7fb2a5aed9b2ff5bd71afd06
Partial-Bug: 1569033

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/20068
Committed: http://github.org/Juniper/contrail-controller/commit/078469104bcfb6d2898a521dbcc79fc46498a9b3
Submitter: Zuul
Branch: R3.0

commit 078469104bcfb6d2898a521dbcc79fc46498a9b3
Author: Yuvaraja Mariappan <email address hidden>
Date: Tue May 10 12:33:32 2016 -0700

SSL parameter setting in haproxy

1. barbican import error is fixed for juno and kilo releases
2. lbaas version would be passed as keyvaluepair to agent from
svc-monitor
3. haproxy_ssl_cert_path for v1 would be fetched from
/etc/contrail/contrail-vrouter-agent.conf
4. authentication credentials for v2 would be fetched from
/etc/contrail/contrail-lbaas-auth.conf
5. auth_version is taken from auth_url for v2 certificate fetch
6. haproxy start/update/stop msgs would be logged in
/var/log/contrail/contrail-lbaas-haproxy-stdout.log

Change-Id: I20fabff381b0b8fa7fb2a5aed9b2ff5bd71afd06
Partial-Bug: 1569033

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.0

Review in progress for https://review.opencontrail.org/20261
Submitter: Yuvaraja Mariappan

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/20321
Submitter: Yuvaraja Mariappan

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/20261
Committed: http://github.org/Juniper/contrail-controller/commit/bd530b64c64000e718acd1d9967f9d510a0fe92e
Submitter: Zuul
Branch: R3.0

commit bd530b64c64000e718acd1d9967f9d510a0fe92e
Author: Yuvaraja Mariappan <email address hidden>
Date: Mon May 16 11:33:24 2016 -0700

SSL parameter setting in haproxy

1. lbaas_auth_conf param is added in agent which contains the
credentials to fetch the ssl certificates and private-keys.
if it is not mentioned, netns would use
/etc/contrail/contrail-lbaas-auth.conf as default
2. when two netns is launched by agent continosly [without any delay]
the second netns may report "LBAAS type is missing" if the first
netns moves the conf file to haproxy dir which is fixed
3. issue is fixed during the agent restart.

Change-Id: I511f21be1690364657f1bae3cb79608669cd5a18
Partial-Bug: 1569033
Closes-Bug: 1581154

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/20321
Committed: http://github.org/Juniper/contrail-controller/commit/5a1ef608928f2e1b52622fbf89fef2a81930c90a
Submitter: Zuul
Branch: master

commit 5a1ef608928f2e1b52622fbf89fef2a81930c90a
Author: Yuvaraja Mariappan <email address hidden>
Date: Mon May 16 11:33:24 2016 -0700

SSL parameter setting in haproxy

1. lbaas_auth_conf param is added in agent which contains the
credentials to fetch the ssl certificates and private-keys.
if it is not mentioned, netns would use
/etc/contrail/contrail-lbaas-auth.conf as default
2. when two netns is launched by agent continosly [without any delay]
the second netns may report "LBAAS type is missing" if the first
netns moves the conf file to haproxy dir which is fixed
3. issue is fixed during the agent restart.

Change-Id: I511f21be1690364657f1bae3cb79608669cd5a18
Partial-Bug: 1569033
Closes-Bug: 1581154

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.