lp://staging/~dmitriis/charms/trusty/neutron-contrail/trunk
- Get this branch:
- bzr branch lp://staging/~dmitriis/charms/trusty/neutron-contrail/trunk
Branch merges
- Ante Karamatić: Pending requested
-
Diff: 1024 lines (+356/-150)4 files modifiedhooks/neutron_contrail_hooks.py (+149/-59)
hooks/neutron_contrail_utils.py (+196/-91)
metadata.yaml (+2/-0)
templates/contrail-vrouter-agent.conf (+9/-0)
Branch information
- Owner:
- Dmitrii Shcherbakov
- Status:
- Development
Recent revisions
- 67. By Dmitrii Shcherbakov
-
enable TLS for XMPP communication as of contrail 3
TLS is enabled unconditionally for contail 3.0 and above deployments to
make sure communication is secure by default.Certificates are generated automatically from a PKI charm (e.g. easyrsa
with a subject alternative name field containing an IP address on a
control network which is used by both contrail-control and
neutron-contrail to communicate with each other.As of Juju 2.x network spaces can be used if an underlying cloud
supports them. In order to facilitate that support one should bind
control-node endpoint to a specific network space. Otherwise, old
mechanisms such as unit private address are going to be used to retrieve
an ip address to be included into a certificate.Control node address fetching mechanism has changed as well: instead of
just doing a relation-get for a private IP address of a control-node
unit a different value is taken from the relation data called
control_node_ip (available due to modifications on the contrail-control
side) - it is either an address in the network space which control-node
endpoint is bound to or a fall-back address (unit private address).
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)