SovereignCloudStack / issues

This repository is used for issues that are cross-repository or not bound to a specific repository.
https://github.com/orgs/SovereignCloudStack/projects/6
2 stars 1 forks source link

Implement use of redis as backend for Tooz orchestration/coordination in Ansible Kolla #562

Open fdobrovolny opened 8 months ago

fdobrovolny commented 8 months ago

Epic #462

As an SCS Operator, I want orchestration and coordination using Tooz to use Redis over TLS for orchestration so that all traffic is encrypted.

Tooz, as of this release, now supports using TLS to connect to Redis. By default, ansible kolla uses an unencrypted MySQL connection for orchestration but can also use Redis.

Tooz is used by the following:

Definition of Ready:

Definition of Done:

berendt commented 8 months ago

Do we use Cloudkitty at all? We don't even build the images for it.

fdobrovolny commented 8 months ago

Do we use Cloudkitty at all? We don't even build the images for it.

It was brought up in our dedicated breakout meeting, but I don't know by whom.

Barbican and Designate have also been mentioned on the topic. Do you have any comments about them? I have already looked into them, and I'm in the process of documenting them and making issues.

EDIT: I looked in the meeting notes from the breakout session https://input.scs.community/e2ee-openstack-services, and it is not mentioned there, so it had to be from someone when I was presenting it in the IaaS call.

fdobrovolny commented 8 months ago

Updated the task to mention the use of tooz in Designate and Cinder

MatusJenca2 commented 6 months ago

I started working on this, I will either create another patch or it will be included in https://review.opendev.org/c/openstack/kolla-ansible/+/909188