vRouter support for SSL meta-data service when proxying
Registered by
Rudra Rugge
Openstack allows VMs to access metadata by sending a HTTP request to the link local address 169.254.169.254. This request from a VM is proxied to to Nova API, with additional HTTP header fields added. Nova uses these to identify the source instance and responds with appropriate metadata.
Contrail vRouter acts as the proxy, trapping the metadata requests, adding the necessary header fields and sending the requests to the Nova API server.
This communication between vRouter and Nova API should be SSL encrypted.
Blueprint information
- Status:
- Complete
- Approver:
- Nischal Sheth
- Priority:
- Medium
- Drafter:
- Hari Prasad Killi
- Direction:
- Approved
- Assignee:
- Hari Prasad Killi
- Definition:
- Approved
- Series goal:
- Accepted for trunk
- Implementation:
- Implemented
- Milestone target:
- r4.1.0.0-fcs
- Started by
- Hari Prasad Killi
- Completed by
- Hari Prasad Killi
Whiteboard
(?)
Work Items
Work items:
Agent code changes to handle SSL support for metadata proxy : DONE
Provisioning updates to handle SSL certificates : DONE