Thanks Murali for your comments.
I have started implementing the API which consists of mostly
certificate management, which is adding/deleting and listing SSL certs.
I will implement the assign to loadbalancer and the resource specific
code later.
Is it possible to submit my patch in two parts? The first part deals
with certificate management and the second one deals with assignment of
the certificate to loadbalancer. Both modules are independent and I
feel like I would learn a lot as my first part is being reviewed and I
can incorporate the feedback from it onto my second part.
What do you guys think?
Thanks
-Syed
On Tue 15 Oct 2013 03:01:05 AM EDT, Murali Reddy wrote:
On 11/10/13 9:31 PM, "Syed Ahmed" <sah...@cloudops.com> wrote:
Thanks for your valuable feedback Murali. Here are my comments.
IMO,
its better we introduce new api's say
registerCertifcateToLoadbalancer/deregisterCertifcateToLoadbalancer than
force fit existing API's for associate/dis-associate certificates.
Personally, I was going to do it this way. But I am not sure how good
of an idea it is to add a new api just for this feature as I can see
assignToLoadbalancer is semantically similar. But if everyone agrees I
have no problem with it.
CloudStack already has distinct API's for each of the LB sub-functionality
(health check, stickiness etc) [1]. We are not adding any redundant API,
so resulting API are much cleaner just managing SSL termination for a LB
rule.
On second thought may be an CloudStack usage event on assigning
certificate seems good enough to me.
So what I got from your earlier post was that when adding a network
offering the provider can choose to enable SSL Termination or not as it
is a value added service. I was thinking of adding "SSL termination"
under supportedservices for the createNetworkOffering API call. And
when someone calls the API to assign a cert to LB we can check if this
network offering has SSL termination enabled. Does this make sense?
So there is notion of network service and network service capability [2].
I would attribute 'SSL termination' as capability of LB service.
createNetworkOffering API take a capability list. It does make sense to
check if the network offering has SSL termination enabled when API to
assign a cert to LB is called. Also note that, 'Network Elements' declare
their capabilities for the supported services. So it can verified that
service provider for LB actually supports 'SSL termination' capability
while creating network offering.
Also when you say usage event, what does this imply? I am sorry I am
not familiar with that term. Can you please elaborate.
Its an event generated and persisted in the DB for every resource
consumption and release. These events are used for billing etc. Please
check publishUsageEvent calls in the code.
[1] http://cloudstack.apache.org/docs/api/apidocs-4.2/TOC_User.html
[2] api/src/com/cloud/network/Network.java
