cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Syed Ahmed <>
Subject Re: [New Feature FS] SSL Offload Support for Cloudstack
Date Mon, 04 Nov 2013 16:45:15 GMT
Hi All,

I would like to get this code into 4.3. Is it possible for this to be 
reviewed? Is there anything needed from my side? I would be glad to 
provide more information.


On Wed 30 Oct 2013 03:25:12 PM EDT, Syed Ahmed wrote:
> Hi All,
> I have the patch for adding SSL termination support at
> . It would be great if this can be
> reviewed.
> Thanks,
> -Syed
> On 13-10-15 03:01 AM, Murali Reddy wrote:
>> On 11/10/13 9:31 PM, "Syed Ahmed" <> wrote:
>>> Thanks for your valuable feedback Murali. Here are my comments.
>>>> IMO,
>>>> its better we introduce new api's say
>>>> registerCertifcateToLoadbalancer/deregisterCertifcateToLoadbalancer
>>>> than
>>>> force fit existing API's for associate/dis-associate certificates.
>>> Personally, I was going to do it this way. But I am not sure how good
>>> of an idea it is to add a new api just for this feature as I can see
>>> assignToLoadbalancer is semantically similar. But if everyone agrees I
>>> have no problem with it.
>> CloudStack already has distinct API's for each of the LB
>> sub-functionality
>> (health check, stickiness etc) [1]. We are not adding any redundant API,
>> so resulting API are much cleaner just managing SSL termination for a LB
>> rule.
>>>> On second thought may be an CloudStack usage event on assigning
>>>> certificate seems good enough to me.
>>> So what I got from your earlier post was that when adding a  network
>>> offering the provider can choose to enable SSL Termination or not as it
>>> is a value added service. I was thinking of adding "SSL termination"
>>> under supportedservices for the  createNetworkOffering API call. And
>>> when someone calls the API to assign a cert to LB we can check if this
>>> network offering has SSL termination enabled. Does this make sense?
>> So there is notion of network service and network service capability
>> [2].
>> I would attribute 'SSL termination' as capability of LB service.
>> createNetworkOffering API take a capability list. It does make sense to
>> check if the network offering has SSL termination enabled when API to
>> assign a cert to LB is called. Also note that, 'Network Elements'
>> declare
>> their capabilities for the supported services. So it can verified that
>> service provider for LB actually supports 'SSL termination' capability
>> while creating network offering.
>>> Also when you say usage event, what does this imply? I am sorry I am
>>> not familiar with that term. Can you please elaborate.
>> Its an event generated and persisted in the DB for every resource
>> consumption and release. These events are used for billing etc. Please
>> check publishUsageEvent calls in the code.
>> [1]
>> [2] api/src/com/cloud/network/

View raw message