lp:~tilmanbaumann/charms/trusty/contrail-control/trunk

Created by Tilman Baumann on 2018-02-28 and last modified on 2018-02-28
Get this branch:
bzr branch lp:~tilmanbaumann/charms/trusty/contrail-control/trunk
Only Tilman Baumann can upload to this branch. If you are Tilman Baumann please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Tilman Baumann
Status:
Development

Recent revisions

33. By Tilman Baumann on 2018-01-24

Adding xmpp_auth option

Sparating xmpp_auth_enable from tls settings
Making it switchable via xmpp_auth config option

32. By Dmitrii Shcherbakov on 2017-03-26

enable TLS for XMPP communication as of contrail 3

TLS is enabled unconditionally for contail 3.0 and above deployments to
make sure communication is secure by default.

XMPP clients are vrouter agents on compute nodes. XMPP servers are
contrail-control nodes.

Certificates are generated automatically from a PKI charm (e.g. easyrsa
with a Subject Alternative Name field containing an IP address on a
control network which is used by both contrail-control and
neutron-contrail to communicate with each other.

Using a Subject Alternative Name (SAN) with an IP address avoids a
dependency on a DNS infrastructure while keeping the communication
secure between endpoints that are related.

Client authentication by XMPP servers was not supported at the time of
writing hence there is no mention of that in the code.

As of Juju 2.x network spaces can be used if an underlying cloud
supports them. In order to facilitate that support one should bind
control-node endpoint to a specific network space. Otherwise, old
mechanisms such as unit private address are going to be used to retrieve
an ip address to be included into a certificate.

Control node address fetching mechanism has changed as well: instead of
just doing a relation-get for a private IP address of a control-node
unit a different value is taken from the relation data called
control_node_ip (available due to modifications on the contrail-control
side) - it is either an address in the network space which control-node
endpoint is bound to or a fall-back address (unit private address).

31. By Dmitrii Shcherbakov on 2017-03-19

hooks: pep8 refactoring

30. By Robert Ayres on 2017-03-10

Merge Ante Karamatic's changes (with modifications)

29. By Robert Ayres on 2017-02-10

Ignore unprovisioning failure

28. By Robert Ayres on 2016-10-25

Remove unrequired openstack-origin option

27. By Robert Ayres on 2016-10-21

*Add supervisor files for contrail 3.1
*Alter ntpq script for contrail 3.1

26. By Robert Ayres on 2016-10-10

Sync charm helpers

25. By Robert Ayres on 2016-08-05

Minor fixes for control-network option

24. By Robert Ayres on 2016-07-29

Add control-network option, fixes lp #1597791

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers