Fuel for OpenStack

Implement end-to-end TLS encryption between OpenStack services

Registered by Stanislaw Bogatkin on 2016-01-29

Currently we unwrap TLS on VIP and forward unencrypted traffic to service (sometimes to other node). Proposed to avoid this by switch load-balancer on VIP for OpenStack services to TCP mode and spawn one more TLS unwrapper as close to node as possible (besides service itself). It will lead us to unwrapping TLS on node with service itself, so end-to-end encryption will be achieved.

Blueprint information

Status:: Not started

Approver:: Vladimir Kuklin

Priority:: Undefined

Drafter:: Stanislaw Bogatkin

Direction:: Needs approval

Assignee:: Stanislaw Bogatkin

Definition:: New

Series goal:: Accepted for mitaka

Implementation:: Unknown

Milestone target:: None

Related branches

Related bugs

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/end-to-end-ssl,n,z

Addressed by: https://review.openstack.org/274095
End to end encryption for OpenStack endpoints

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.