Juniper Openstack

vRouter support for SSL meta-data service when proxying

Registered by Rudra Rugge on 2017-07-14

Openstack allows VMs to access metadata by sending a HTTP request to the link local address 169.254.169.254. This request from a VM is proxied to to Nova API, with additional HTTP header fields added. Nova uses these to identify the source instance and responds with appropriate metadata.

Contrail vRouter acts as the proxy, trapping the metadata requests, adding the necessary header fields and sending the requests to the Nova API server.

This communication between vRouter and Nova API should be SSL encrypted.

Read the full specification

Blueprint information

Status:: Complete

Approver:: Nischal Sheth

Priority:: Medium

Drafter:: Hari Prasad Killi

Direction:: Approved

Assignee:: Hari Prasad Killi

Definition:: Approved

Series goal:: Accepted for trunk

Implementation:: Implemented

Milestone target:: r4.1.0.0-fcs

Started by: Hari Prasad Killi on 2017-07-20

Completed by: Hari Prasad Killi on 2017-11-20

Related branches

Related bugs

Bug #1628783: SSL for metadata service

Fix Committed

Sprints

Whiteboard

(?)

Work Items

Work items:
Agent code changes to handle SSL support for metadata proxy : DONE
Provisioning updates to handle SSL certificates : DONE

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.