Skip to content

Improvement: SSL offloading with Virtual Router #11468

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

Improvement: SSL offloading with Virtual Router #11468

wants to merge 7 commits into from

Conversation

weizhouapache
Copy link
Member

Description

This PR improves the SSL termination feature to support CloudStack VR

Design doc: https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSL+Offloading+with+Virtual+Router

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • build/CI
  • test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

How Has This Been Tested?

How did you try to break this feature and the system with this change?

@weizhouapache
Copy link
Member Author

@blueorangutan package

@blueorangutan
Copy link

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan
Copy link

Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 14670

@weizhouapache weizhouapache added this to the 4.22.0 milestone Aug 19, 2025
@weizhouapache
Copy link
Member Author

@blueorangutan package

@blueorangutan
Copy link

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@codecov Codecov
Copy link

codecov bot commented Aug 19, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 38.65546% with 146 lines in your changes missing coverage. Please review.
✅ Project coverage is 17.36%. Comparing base (f2d6356) to head (6e629ca).
⚠️ Report is 4 commits behind head on main.

Files with missing lines Patch % Lines
...esource/virtualnetwork/model/LoadBalancerRule.java 6.97% 40 Missing ⚠️
...in/java/com/cloud/network/HAProxyConfigurator.java 59.72% 22 Missing and 7 partials ⚠️
...loud/network/lb/LoadBalancingRulesManagerImpl.java 0.00% 22 Missing and 2 partials ⚠️
...user/loadbalancer/AssignCertToLoadBalancerCmd.java 0.00% 11 Missing ⚠️
...ork/router/VirtualNetworkApplianceManagerImpl.java 0.00% 10 Missing ⚠️
...apache/cloudstack/network/ssl/CertServiceImpl.java 82.00% 5 Missing and 4 partials ⚠️
...er/loadbalancer/RemoveCertFromLoadBalancerCmd.java 0.00% 7 Missing ⚠️
...va/com/cloud/network/router/NetworkHelperImpl.java 0.00% 6 Missing ⚠️
...ain/java/com/cloud/network/dao/SslCertDaoImpl.java 0.00% 5 Missing ⚠️
...in/java/com/cloud/agent/api/to/LoadBalancerTO.java 0.00% 3 Missing ⚠️
... and 2 more
Additional details and impacted files 
@@            Coverage Diff             @@
##               main   #11468    +/-   ##
==========================================
  Coverage     17.35%   17.36%            
- Complexity    15230    15247    +17     
==========================================
  Files          5886     5886            
  Lines        525685   525933   +248     
  Branches      64159    64197    +38     
==========================================
+ Hits          91247    91335    +88     
- Misses       424138   424290   +152     
- Partials      10300    10308     +8
Flag Coverage Δ
uitests 3.62% <ø> (-0.01%) ⬇️
unittests 18.40% <38.65%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@blueorangutan
Copy link

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 14671

@weizhouapache
Copy link
Member Author

@blueorangutan test

@blueorangutan
Copy link

@weizhouapache a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

@DaanHoogland DaanHoogland mentioned this pull request Aug 19, 2025
Open
@DaanHoogland DaanHoogland linked an issue Aug 19, 2025 that may be closed by this pull request
Feature Request: SSL Offloading and HTTP-Based Load Balancing in CloudStack #11283
Open
@DaanHoogland DaanHoogland self-assigned this Aug 20, 2025
@weizhouapache
Copy link
Member Author

@blueorangutan package

@blueorangutan
Copy link

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan
Copy link

Packaging result [SF]: ✔️ el8 ✔️ el9 ✖️ debian ✔️ suse15. SL-JID 14689

@weizhouapache
Copy link
Member Author

@blueorangutan test

@blueorangutan
Copy link

@weizhouapache a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

DaanHoogland
DaanHoogland reviewed Aug 21, 2025
View reviewed changes
Copy link
Contributor

@DaanHoogland DaanHoogland left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks generally good, some questions and some style remarks.

core/src/main/java/com/cloud/network/HAProxyConfigurator.java
Comment on lines +606 to +609
.append(lbCmd.lbStatsUri)
.append("\n\tstats realm Haproxy\\ Statistics\n\tstats auth ")
.append(lbCmd.lbStatsAuth)
.append("\n");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
.append(lbCmd.lbStatsUri)
.append("\n\tstats realm Haproxy\\ Statistics\n\tstats auth ")
.append(lbCmd.lbStatsAuth)
.append("\n");
.append(lbCmd.lbStatsUri)
.append("\n\tstats realm Haproxy\\ Statistics\n\tstats auth ")
.append(lbCmd.lbStatsAuth)
.append("\n");

Copy link
Member Author

@weizhouapache weizhouapache Aug 21, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is auto-formatted by intelliJ IDEA. I guess it is ok ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so you have your settings at 8 spaces per tab? (no big care anyway, so don’t bother too much)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

normally I replace tab with 4 spaces.

maybe caused by the indentation rules in java ?

image

@weizhouapache
Copy link
Member Author

@DaanHoogland
thanks for the review

I have addressed your comments, can you review again ? thanks

@weizhouapache
Copy link
Member Author

@blueorangutan package

@blueorangutan
Copy link

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@weizhouapache
Copy link
Member Author

@blueorangutan package

@blueorangutan
Copy link

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan
Copy link

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 14699

@weizhouapache
Copy link
Member Author

@blueorangutan test

@blueorangutan
Copy link

@weizhouapache a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

@blueorangutan
Copy link

[SF] Trillian test result (tid-14093)
Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8
Total time taken: 50158 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr11468-t14093-kvm-ol8.zip
Smoke tests completed. 147 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test Result Time (s) Test File

@weizhouapache
Copy link
Member Author

@blueorangutan package

@blueorangutan
Copy link

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan
Copy link

[SF] Trillian test result (tid-14094)
Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8
Total time taken: 54839 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr11468-t14094-kvm-ol8.zip
Smoke tests completed. 147 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test Result Time (s) Test File

@blueorangutan
Copy link

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 14709

@weizhouapache
Copy link
Member Author

@blueorangutan test

@blueorangutan
Copy link

@weizhouapache a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

DaanHoogland
DaanHoogland approved these changes Aug 22, 2025
View reviewed changes
Copy link
Contributor

@DaanHoogland DaanHoogland left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clgtm

@blueorangutan
Copy link

[SF] Trillian test result (tid-14103)
Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8
Total time taken: 52329 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr11468-t14103-kvm-ol8.zip
Smoke tests completed. 144 look OK, 3 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test Result Time (s) Test File
test_01_invalid_upgrade_kubernetes_cluster Failure 127.33 test_kubernetes_clusters.py
test_02_upgrade_kubernetes_cluster Failure 122.23 test_kubernetes_clusters.py
test_03_deploy_and_scale_kubernetes_cluster Failure 117.19 test_kubernetes_clusters.py
test_04_autoscale_kubernetes_cluster Failure 120.07 test_kubernetes_clusters.py
test_05_basic_lifecycle_kubernetes_cluster Failure 122.20 test_kubernetes_clusters.py
test_06_delete_kubernetes_cluster Failure 122.15 test_kubernetes_clusters.py
test_08_upgrade_kubernetes_ha_cluster Failure 185.70 test_kubernetes_clusters.py
test_10_vpc_tier_kubernetes_cluster Failure 136.36 test_kubernetes_clusters.py
test_12_test_deploy_cluster_different_offerings_per_node_type Failure 129.69 test_kubernetes_clusters.py
ContextSuite context=TestKubernetesCluster>:teardown Error 19.73 test_kubernetes_clusters.py
test_oobm_issue_power_cycle Error 2.25 test_outofbandmanagement_nestedplugin.py
test_oobm_issue_power_off Error 2.22 test_outofbandmanagement_nestedplugin.py
test_oobm_issue_power_on Error 1.24 test_outofbandmanagement_nestedplugin.py
test_oobm_issue_power_reset Error 1.21 test_outofbandmanagement_nestedplugin.py
test_oobm_issue_power_soft Error 2.23 test_outofbandmanagement_nestedplugin.py
test_oobm_issue_power_status Error 2.27 test_outofbandmanagement_nestedplugin.py
test_01_webhook_deliveries Failure 8.73 test_webhook_delivery.py

@blueorangutan
Copy link

[LL]Trillian test result (tid-7120)
Environment: kvm-rocky8 (x2), Advanced Networking with Mgmt server r8
Total time taken: 44209 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr11468-t7120-kvm-rocky8.zip
Smoke tests completed. 145 look OK, 2 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test Result Time (s) Test File
test_oobm_issue_power_cycle Error 2.19 test_outofbandmanagement_nestedplugin.py
test_oobm_issue_power_off Error 2.18 test_outofbandmanagement_nestedplugin.py
test_oobm_issue_power_on Error 1.15 test_outofbandmanagement_nestedplugin.py
test_oobm_issue_power_reset Error 1.16 test_outofbandmanagement_nestedplugin.py
test_oobm_issue_power_soft Error 2.16 test_outofbandmanagement_nestedplugin.py
test_oobm_issue_power_status Error 1.15 test_outofbandmanagement_nestedplugin.py
test_01_webhook_deliveries Failure 7.90 test_webhook_delivery.py

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DaanHoogland DaanHoogland DaanHoogland approved these changes

Assignees

@DaanHoogland DaanHoogland

Labels
component:api component:integration-test component:marvin component:networking component:UI component:virtual-router Python Warning... Python code Ahead! status:needs-testing
Projects
None yet
Milestone
4.22.0
Development

Successfully merging this pull request may close these issues.

Feature Request: SSL Offloading and HTTP-Based Load Balancing in CloudStack
4 participants
@weizhouapache @blueorangutan @DaanHoogland @sureshanaparti