incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wido den Hollander <w...@widodh.nl>
Subject Re: Building Management Server URL
Date Thu, 19 Jul 2012 11:59:38 GMT


On 18-07-12 19:12, Vijay Venkatachalam wrote:
>
> A network element like a loadbalancer running remotely from the management server might
want from time to time to retrieve some info from CS mgmt server, or take an action on behalf
of a user. so It would want to use the API endpoint to interact with CS
>

I get it, but that would also imply that you have to supply user 
credentials to that network element, how would you otherwise let it 
authenticate with the API?

Also, if you take Config.ManagementHostIPAdr.key() you get the local IP 
from that management server, but it could be a cluster with a 
loadbalancer in front.

You better take the first IP from the global management.cidr I think.

Wido

>
>> -----Original Message-----
>> From: Wido den Hollander [mailto:wido@widodh.nl]
>> Sent: Wednesday, July 18, 2012 7:34 PM
>> To: cloudstack-dev@incubator.apache.org
>> Subject: Re: Building Management Server URL
>>
>> Hi,
>>
>> On 18-07-12 14:32, Vijay Venkatachalam wrote:
>>> Hi,
>>> 	Is there way to programmatically build the Management Server's API
>> URL from inside the code? I am intending to pass this to a network element,
>> which will do API call back to the Management Server.
>>>
>>> 	Currently,
>>> 		I am getting the IP from
>> "configDao.getValue(Config.ManagementHostIPAdr.key());"
>>> 		Hardwiring Port to 8080
>>> 		Hardwiring URI to /client/api
>>> 		Result: https://<ms_ip>:8080/client/api
>>>
>>> 	Is there a better way? Is there anything special that has to be done for
>> cluster deployments?
>>>
>>> 	Also, are there any other issues, will this require a NAT of some kind to
>> reach the Management Server? Or Is there a firewall config that has to be done?
>> Or will the management server be multi-homed with many nics with one ip per
>> nic? Can we figure this out programmatically before sending the URL to the
>> network element.
>>>
>>
>> Doing TCP connections back to yourself is something you should prevent at all
>> times. How are you going to do this with the login credentials?
>>
>> I'm missing the point why you should do a callback to itself?
>>
>> Wido
>>
>>> Thanks,
>>> Vijay V.
>>>
>>>
>

Mime
View raw message