cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Syed Ahmed <>
Subject Re: [New Feature FS] SSL Offload Support for Cloudstack
Date Tue, 15 Oct 2013 23:33:40 GMT
Thanks Murali for your comments.

I have started implementing the API which consists of mostly 
certificate management, which is adding/deleting and listing SSL certs. 
I will implement the assign to loadbalancer and the resource specific 
code later.

Is it possible to submit my patch in two parts? The first part deals 
with certificate management and the second one deals with assignment of 
the certificate to loadbalancer. Both modules are independent and I 
feel like I would learn a lot as my first part is being reviewed and I 
can incorporate the  feedback from it onto my second part.

What do you guys think?


On Tue 15 Oct 2013 03:01:05 AM EDT, Murali Reddy wrote:

> On 11/10/13 9:31 PM, "Syed Ahmed" <> wrote:
>> Thanks for your valuable feedback Murali. Here are my comments.
>>> IMO,
>>> its better we introduce new api's say
>>> registerCertifcateToLoadbalancer/deregisterCertifcateToLoadbalancer than
>>> force fit existing API's for associate/dis-associate certificates.
>> Personally, I was going to do it this way. But I am not sure how good
>> of an idea it is to add a new api just for this feature as I can see
>> assignToLoadbalancer is semantically similar. But if everyone agrees I
>> have no problem with it.
> CloudStack already has distinct API's for each of the LB sub-functionality
> (health check, stickiness etc) [1]. We are not adding any redundant API,
> so resulting API are much cleaner just managing SSL termination for a LB
> rule.
>>> On second thought may be an CloudStack usage event on assigning
>>> certificate seems good enough to me.
>> So what I got from your earlier post was that when adding a  network
>> offering the provider can choose to enable SSL Termination or not as it
>> is a value added service. I was thinking of adding "SSL termination"
>> under supportedservices for the  createNetworkOffering API call. And
>> when someone calls the API to assign a cert to LB we can check if this
>> network offering has SSL termination enabled. Does this make sense?
> So there is notion of network service and network service capability [2].
> I would attribute 'SSL termination' as capability of LB service.
> createNetworkOffering API take a capability list. It does make sense to
> check if the network offering has SSL termination enabled when API to
> assign a cert to LB is called. Also note that, 'Network Elements' declare
> their capabilities for the supported services. So it can verified that
> service provider for LB actually supports 'SSL termination' capability
> while creating network offering.
>> Also when you say usage event, what does this imply? I am sorry I am
>> not familiar with that term. Can you please elaborate.
> Its an event generated and persisted in the DB for every resource
> consumption and release. These events are used for billing etc. Please
> check publishUsageEvent calls in the code.
> [1]
> [2] api/src/com/cloud/network/

View raw message