Bug 1309528
| Summary: | [RFE] Update HAproxy heat template to optionally configure RGW | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Kyle Bader <kbader> |
| Component: | rhosp-director | Assignee: | Giulio Fidente <gfidente> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Yogev Rabl <yrabl> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | medium | ||
| Version: | 10.0 (Newton) | CC: | alan_bishop, arkady_kanevsky, bperkins, cdevine, christopher_dearborn, dbecker, gael_rehault, gfidente, ipilcher, jdonohue, joherr, John_walsh, jomurphy, jschluet, j_t_williams, kazen, kschinck, kurt_hey, mburns, mcornea, morazi, nlevine, oblaut, randy_perryman, rbiba, rhel-osp-director-maint, rsussman, scohen, seb, smerrow, sreichar, wayne_allen, yrabl |
| Target Milestone: | --- | ||
| Target Release: | 10.0 (Newton) | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Enhancement | |
| Doc Text: | The director is now able to configure HAproxy load balancing and SSL termination for RADOS gateway (RGW) services collocated on OSP controller nodes. | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-12-16 16:51:07 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1336839, 1356451, 1387433, 1413723 | ||
Description
Kyle Bader
2016-02-18 03:15:24 UTC
Mozilla recommendations for TLS termination using HAproxy: https://wiki.mozilla.org/Security/Server_Side_TLS

Adding related work for it upstream (for RGW support, not HA).

No longer blocks delljs5.0 because we have a workaround.

As far as I know, due to recent patches in OSP10 for rgw support this requirement is fixed. So if we use rgw as a replacement for swift, rgw will use swift haproxy configuration.

Keith, do you mind sharing an example of the haproxy section for rgw in this case? Thanks!

From OSPd10 the haproxy.cfg file will include a listener for the RGW backends. For example in an IPv6 environment it will include something like the following:
listen ceph_rgw
  bind 2001:db8:fd00:1000::14:8080 transparent
  bind fd00:fd00:fd00:3000::10:8080 transparent
  server overcloud-controller-0.storage.localdomain fd00:fd00:fd00:3000::19:8080 check fall 5 inter 2000 rise 2
where
2001:db8:fd00:1000::14 is the public endpoint for swift (rgw) service
fd00:fd00:fd00:3000::10 is the internal endpoint on the storage network
fd00:fd00:fd00:3000::19 is (one of) the target rgw nodes
This section is automatically (and only) included when RGW is deployed, replacing a similar listener usually created for Swift.
If sufficient, I think we can close this as CURRENTRELEASE?
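
An added example, not part of the thread or of the director's code: a small Python check that parses the `listen ceph_rgw` section quoted above, splits each IPv6 `address:port` on the last colon, and reports binds without the `ssl` keyword and servers without `check`. The function names are hypothetical, and it assumes bind and server endpoints are IP literals as in the quoted listener.

```python
import ipaddress

# Sample input: the listener quoted in the comment above, embedded inline.
SAMPLE = """\
listen ceph_rgw
  bind 2001:db8:fd00:1000::14:8080 transparent
  bind fd00:fd00:fd00:3000::10:8080 transparent
  server overcloud-controller-0.storage.localdomain fd00:fd00:fd00:3000::19:8080 check fall 5 inter 2000 rise 2
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the LAST colon so IPv6 addr:port forms parse."""
    addr, _, port = endpoint.rpartition(":")
    addr = addr.strip("[]")
    ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return addr, int(port)

def parse_listen(cfg, name):
    """Return the bind and server entries of one 'listen <name>' section."""
    binds, servers, inside = [], [], False
    for raw in cfg.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in ("global", "defaults", "listen", "frontend", "backend"):
            inside = words[:2] == ["listen", name]
        elif inside and words[0] == "bind":
            addr, port = split_endpoint(words[1])
            binds.append({"addr": addr, "port": port, "ssl": "ssl" in words[2:]})
        elif inside and words[0] == "server":
            addr, port = split_endpoint(words[2])
            servers.append({"name": words[1], "addr": addr, "port": port,
                            "check": "check" in words[3:]})
    return binds, servers

def audit(cfg, name="ceph_rgw"):
    """List findings: plaintext binds and servers without health checks."""
    binds, servers = parse_listen(cfg, name)
    findings = []
    if not binds:
        findings.append(f"no 'listen {name}' section with a bind line")
    findings += [f"bind {b['addr']} port {b['port']}: no ssl keyword"
                 for b in binds if not b["ssl"]]
    findings += [f"server {s['name']}: no health check"
                 for s in servers if not s["check"]]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the listener quoted in this bug, it reports both binds as plaintext, which is the gap the TLS termination requested in the description is meant to close.
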
Will it work for IPv4 and IPv6? Will it work when swift is there and swift is not there? It definitely must work without swift.

Yes, this should work with IPv4 and IPv6 deployments. Swift and RGW cannot be deployed together in the same overcloud by OSPd; when RGW is chosen, it will be deployed as a drop-in replacement for Swift. Clients will continue to use the standard Swift client to operate against an RGW server. The relevant haproxy configuration will be applied depending on which service is deployed.

Right. Either swift or ceph object store. Hope there is a check for it.