Support SSL Termination in Neutron LBaaS

Registered by Youcef Laribi

One of the most common use cases for loadbalancers is SSL termination or offload. This is especially true for hardware loadbalancers that provide crypto hardware-assist to scale the number of supported SSL sessions for a VIP. In order to support this functionality in Neutron LBaaS, tenants must be able to upload and manage their certificates and private keys and associate these with their VIPs.

Blueprint information

Status: Complete
Approver: Kyle Mestery
Priority: Medium
Drafter: Youcef Laribi
Direction: Approved
Assignee: Evgeny Fedoruk
Definition: Approved
Series goal: Accepted for kilo
Implementation: Implemented
Milestone target: 2015.1.0
Started by: Kyle Mestery
Completed by: Kyle Mestery

Whiteboard

December-15 (mestery): Kilo-3.

22-July (mestery): Approved as medium for Juno-3.

The final spec is in WIKI:
https://wiki.openstack.org/wiki/Neutron/LBaaS/SSL

initial doc for discussion in: https://docs.google.com/document/d/1qnoJLD1txY5wnjx4k480AtEGCOEtkPMvTzxPo3_DPcs/edit?usp=sharing

write up on SSL Termination https://docs.google.com/document/d/1tFOrIa10lKr0xQyLVGsVfXr29NQBq2nYTvMkMJ_inbo/edit

Gerrit topic: https://review.openstack.org/#q,topic:bp/lbaas-ssl-termination,n,z

Addressed by: https://review.openstack.org/63510 (Abandoned)
    New SSL extension

Gerrit topic: https://review.openstack.org/#q,topic:bug/1279742,n,z

Addressed by: https://review.openstack.org/74031 (Abandoned)
    New SSL extension

Gerrit topic: https://review.openstack.org/#q,topic:bug/1288326,n,z

Addressed by: https://review.openstack.org/81612 (Abandoned)
    Fix test by waiting to lbaas entity delete

Addressed by: https://review.openstack.org/98640 (Merged)
    lbaas-tls

Addressed by: https://review.openstack.org/102837 (Abandoned)
    TLS implementation

Addressed by: https://review.openstack.org/105609 (Abandoned)
    Plugin/DB additions for version 2 of LBaaS API

Addressed by: https://review.openstack.org/105610 (Abandoned)
    Tests for extension, db and plugin for LBaaS V2

Addressed by: https://review.openstack.org/105331 (Abandoned)
    New extension for version 2 of LBaaS API

Addressed by: https://review.openstack.org/109035 (Abandoned)
    TLS capability extension implementation for lbaas v2

Addressed by: https://review.openstack.org/109849 (Abandoned)
    New common util module for Barbican TLS containers

Addressed by: https://review.openstack.org/110630 (Abandoned)
    TLS capability extension implementation for lbaas v2

Gerrit topic: https://review.openstack.org/#q,topic:bp/lbaas-api-and-objmodel-improvement,n,z

Addressed by: https://review.openstack.org/108174 (Abandoned)
    Implement managers for synchronous haproxy driver

Addressed by: https://review.openstack.org/108173 (Abandoned)
    Implement synchronous haproxy driver methods

Addressed by: https://review.openstack.org/106867 (Abandoned)
    Implement Jinja templates for haproxy config

Addressed by: https://review.openstack.org/123262 (Merged)
    New extension for version 2 of LBaaS API

Addressed by: https://review.openstack.org/123492 (Abandoned)
    New common util module for Barbican TLS containers

Addressed by: https://review.openstack.org/123495 (Abandoned)
    TLS capability extension implementation for lbaas v2

Addressed by: https://review.openstack.org/130982 (Abandoned)
    TLS capability extension implementation for lbaas v2

Addressed by: https://review.openstack.org/145085 (Merged)
    TLS capability extension implementation for lbaas v2

Gerrit topic: https://review.openstack.org/#q,topic:bp/lbaas-ref-impl-tls-support,n,z

Addressed by: https://review.openstack.org/148896
    TLS capability extension implementation for lbaas v2

Addressed by: https://review.openstack.org/152162 (Abandoned)
    TLS capability extension implementation for lbaas v2
