1326705 – [RFE] Provide alternative for SSL termination of lbaas vip without barbican

Bug 1326705 - [RFE] Provide alternative for SSL termination of lbaas vip without barbican

Summary: [RFE] Provide alternative for SSL termination of lbaas vip without barbican

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-neutron-lbaas
Sub Component:
Version:	7.0 (Kilo)
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Assaf Muller
QA Contact:	Toni Freger
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-04-13 10:41 UTC by Jaison Raju
Modified:	2022-08-16 14:05 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-06-26 17:59:06 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	OSP-4550	0	None	None	None	2022-08-16 14:05:13 UTC
Red Hat Knowledge Base (Solution)	2256331	0	None	None	None	2016-04-13 11:15:04 UTC

Description Jaison Raju 2016-04-13 10:41:27 UTC

1. Proposed title of this feature request  
  Provide alternative for SSL termination of lbaas vip without barbican

3. What is the nature and description of the request?  
  Neutron lbaas vips should have a configurable means for ssl termination without barbican.
4. Why does the customer need this? (List the business requirements here)  
  Upstream doc provides steps to configure ssl termination with barbican only
https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer
Although we do not provide barbican & there is not fixed timeline to include the same with our OpenStack release .
ssl/tls termination is mostly sought use case in neutron-lbaas .
We need to provide some solution until barbican is available .
5. How would the customer like to achieve this? (List the functional requirements here)  
  
6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.  
  
7. Is there already an existing RFE upstream or in Red Hat Bugzilla?  
No .
* Feature to get barbican to fedora:
https://bugzilla.redhat.com/show_bug.cgi?id=1190269

Comment 3 Assaf Muller 2016-06-04 02:18:35 UTC

@Nir, can you confirm that Barbican is the way forward for TLS termination when using Octavia? If so, it makes sense to pursue the inclusion of Barbican in to OSP.

Comment 4 Nir Magnezi 2016-06-06 08:43:03 UTC

(In reply to Assaf Muller from comment #3)
> @Nir, can you confirm that Barbican is the way forward for TLS termination
> when using Octavia? If so, it makes sense to pursue the inclusion of
> Barbican in to OSP.

"The initial supported implementation for TLS related functions will be Barbican, but the interface will be generic such that other implementations could be created later."

Source: http://octavia.io/review/master/specs/version0.5/tls-data-security.html

We should incorporate Barbican in OSP.

Comment 12 Assaf Muller 2018-06-26 17:59:06 UTC

The focus is on Octavia now, which offers SSL termination using Barbican. There are no plans to offer an alternative at this time.

Note You need to log in before you can comment on or make changes to this bug.