Support SSL Termination in Neutron LBaaS

Registered by Youcef Laribi on 2013-09-17

One of the most common use cases for loadbalancers is SSL termination or offload. This is especially true for hardware loadbalancers that provide crypto hardware-assist to scale the number of supported SSL sessions for a VIP. In order to support this functionality in Neutron LBaaS, tenants must be able to upload and manage their certificates and private keys and associate these with their VIPs.

Blueprint information

Status:
Complete
Approver:
Kyle Mestery
Priority:
Medium
Drafter:
Youcef Laribi
Direction:
Approved
Assignee:
Evgeny Fedoruk
Definition:
Approved
Series goal:
Accepted for kilo
Implementation:
Implemented
Milestone target:
milestone icon 2015.1.0
Started by
Kyle Mestery on 2014-07-25
Completed by
Kyle Mestery on 2015-03-18

Related branches

Sprints

Whiteboard

December-15 (mestery): Kilo-3.

22-July (mestery): Approved as medium for Juno-3.

The final spec is in WIKI:
https://wiki.openstack.org/wiki/Neutron/LBaaS/SSL

initial doc for discussion in: https://docs.google.com/document/d/1qnoJLD1txY5wnjx4k480AtEGCOEtkPMvTzxPo3_DPcs/edit?usp=sharing

write up on SSL Termination https://docs.google.com/document/d/1tFOrIa10lKr0xQyLVGsVfXr29NQBq2nYTvMkMJ_inbo/edit

Gerrit topic: https://review.openstack.org/#q,topic:bp/lbaas-ssl-termination,n,z

Addressed by: https://review.openstack.org/63510 (Abandoned)
    New SSL extension

Gerrit topic: https://review.openstack.org/#q,topic:bug/1279742,n,z

Addressed by: https://review.openstack.org/74031 (Abandoned)
    New SSL extension

Gerrit topic: https://review.openstack.org/#q,topic:bug/1288326,n,z

Addressed by: https://review.openstack.org/81612 (Abandoned)
    Fix test by waiting to lbaas entity delete

Addressed by: https://review.openstack.org/98640 (Merged)
    lbaas-tls

Addressed by: https://review.openstack.org/102837 (Abandoned)
    TLS implementation

Addressed by: https://review.openstack.org/105609 (Abandoned)
    Plugin/DB additions for version 2 of LBaaS API

Addressed by: https://review.openstack.org/105610 (Abandoned)
    Tests for extension, db and plugin for LBaaS V2

Addressed by: https://review.openstack.org/105331 (Abandoned)
    New extension for version 2 of LBaaS API

Addressed by: https://review.openstack.org/109035 (Abandoned)
    TLS capability extension implementation for lbaas v2

Addressed by: https://review.openstack.org/109849 (Abandoned)
    New common util module for Barbican TLS containers

Addressed by: https://review.openstack.org/110630 (Abandoned)
    TLS capability extension implementation for lbaas v2

Gerrit topic: https://review.openstack.org/#q,topic:bp/lbaas-api-and-objmodel-improvement,n,z

Addressed by: https://review.openstack.org/108174 (Abandoned)
    Implement managers for synchronous haproxy driver

Addressed by: https://review.openstack.org/108173 (Abandoned)
    Implement synchronous haproxy driver methods

Addressed by: https://review.openstack.org/106867 (Abandoned)
    Implement Jinja templates for haproxy config

Addressed by: https://review.openstack.org/123262 (Merged)
    New extension for version 2 of LBaaS API

Addressed by: https://review.openstack.org/123492 (Abandoned)
    New common util module for Barbican TLS containers

Addressed by: https://review.openstack.org/123495 (Abandoned)
    TLS capability extension implementation for lbaas v2

Addressed by: https://review.openstack.org/130982 (Abandoned)
    TLS capability extension implementation for lbaas v2

Addressed by: https://review.openstack.org/145085 (Merged)
    TLS capability extension implementation for lbaas v2

Gerrit topic: https://review.openstack.org/#q,topic:bp/lbaas-ref-impl-tls-support,n,z

Addressed by: https://review.openstack.org/148896
    TLS capability extension implementation for lbaas v2

Addressed by: https://review.openstack.org/152162 (Abandoned)
    TLS capability extension implementation for lbaas v2

(?)

Work Items