Merge lp://staging/~dmitriis/charms/trusty/neutron-contrail/trunk into lp://staging/~sdn-charmers/charms/trusty/neutron-contrail/trunk

Proposed by Dmitrii Shcherbakov
Status: Superseded
Proposed branch: lp://staging/~dmitriis/charms/trusty/neutron-contrail/trunk
Merge into: lp://staging/~sdn-charmers/charms/trusty/neutron-contrail/trunk
Diff against target: 1024 lines (+356/-150)
4 files modified
hooks/neutron_contrail_hooks.py (+149/-59)
hooks/neutron_contrail_utils.py (+196/-91)
metadata.yaml (+2/-0)
templates/contrail-vrouter-agent.conf (+9/-0)
To merge this branch: bzr merge lp://staging/~dmitriis/charms/trusty/neutron-contrail/trunk
Reviewer Review Type Date Requested Status
Ante Karamatić Pending
Dmitrii Shcherbakov (dmitriis) wrote :

Note: easyrsa charm should be used for PKI https://jujucharms.com/u/containers/easyrsa/

juju add-relation contrail-control easyrsa
juju add-relation neutron-contrail easyrsa

67. By Dmitrii Shcherbakov

enable TLS for XMPP communication as of contrail 3

TLS is enabled unconditionally for contrail 3.0 and above deployments to
make sure communication is secure by default.

Certificates are generated automatically from a PKI charm (e.g. easyrsa)
with a subject alternative name field containing an IP address on a
control network which is used by both contrail-control and
neutron-contrail to communicate with each other.

As of Juju 2.x network spaces can be used if an underlying cloud
supports them. In order to facilitate that support one should bind
control-node endpoint to a specific network space. Otherwise, old
mechanisms such as unit private address are going to be used to retrieve
an IP address to be included into a certificate.

Control node address fetching mechanism has changed as well: instead of
just doing a relation-get for a private IP address of a control-node
unit a different value is taken from the relation data called
control_node_ip (available due to modifications on the contrail-control
side) - it is either an address in the network space which control-node
endpoint is bound to or a fall-back address (unit private address).
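
The address selection and SAN requirement described in the commit message above, as an added example (not code from this branch). The relation key `private-address` as the fall-back, the helper names and the sample data are assumptions; the certificate dict follows the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

# "control_node_ip" is the relation key named in the commit message;
# "private-address" is assumed here as the fall-back unit address key.
ADDRESS_KEYS = ("control_node_ip", "private-address")


def select_control_node_ip(relation_data):
    """Return the first usable IP literal, preferring the space-bound address."""
    for key in ADDRESS_KEYS:
        value = (relation_data.get(key) or "").strip()
        if not value:
            continue
        try:
            return str(ipaddress.ip_address(value))
        except ValueError:
            continue  # not an IP literal, so it cannot match an IP SAN
    return None


def ip_sans(peer_cert):
    """Collect IP subject alternative names from a getpeercert()-style dict."""
    sans = set()
    for kind, value in peer_cert.get("subjectAltName", ()):
        if kind == "IP Address":
            try:
                sans.add(ipaddress.ip_address(value.strip()))
            except ValueError:
                pass  # ignore malformed entries rather than trusting them
    return sans


def cert_covers(peer_cert, relation_data):
    """True only if the address the peer will dial is listed as an IP SAN."""
    ip = select_control_node_ip(relation_data)
    return ip is not None and ipaddress.ip_address(ip) in ip_sans(peer_cert)


# Constructed sample data: a unit bound to a network space, and one without.
SPACE_BOUND = {"control_node_ip": "10.20.0.11", "private-address": "192.168.1.11"}
FALLBACK = {"private-address": "192.168.1.11"}
CERT = {"subjectAltName": (("DNS", "contrail-control-0"),
                           ("IP Address", "10.20.0.11"))}

if __name__ == "__main__":
    print(cert_covers(CERT, SPACE_BOUND))  # SAN matches the space address
    print(cert_covers(CERT, FALLBACK))     # SAN does not cover the fall-back
```

A certificate issued for the space-bound address fails this check on a peer that only sees the fall-back address, which is the mismatch to look for when XMPP TLS sessions are rejected after changing endpoint bindings.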

Unmerged revisions

67. By Dmitrii Shcherbakov

enable TLS for XMPP communication as of contrail 3

66. By Dmitrii Shcherbakov

hooks,utils: pep8 refactoring
