Back to bug 1686517
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| RHEL Program Management | 2019-03-07 15:51:08 UTC | Target Release | 14.0 (Rocky) | --- |
| Nir Magnezi | 2019-03-07 15:56:27 UTC | Status | NEW | ON_DEV |
| Target Release | --- | 13.0 (Queens) | ||
| Link ID | OpenStack gerrit 641268 OpenStack gerrit 641279 | |||
| Assignee | amuller | nmagnezi | ||
| Target Milestone | z2 | zstream | ||
| Doc Text | As a followup to the fix that resolved CVE-2018-16856, Octavia will now encrypt certificates and keys used for secure communication with amphorae, in its internal workflows. Octavia used to exclude debug-level log prints for specific tasks and flows that were explicitly specified by name, a method that is susceptive to code changes. Added a new option named server_certs_key_passphrase under the certificates section. The default value gets copied from an environment variable named TLS_PASS_AMPS_DEFAULT. In a case where TLS_PASS_AMPS_DEFAULT is not set, and the operator did not fill any other value directly, 'insecure-key-do-not-use-this-key' will be used. | |||
| Doc Type | If docs needed, set a value | Bug Fix | ||
| RHEL Program Management | 2019-03-07 15:56:32 UTC | Target Release | 13.0 (Queens) --- | --- 13.0 (Queens) |
| Carlos Goncalves | 2019-04-10 16:35:44 UTC | Blocks | 1698576 | |
| Nir Magnezi | 2019-05-08 11:10:32 UTC | Status | ON_DEV | MODIFIED |
| Fixed In Version | openstack-octavia-2.0.4-5.el7ost | |||
| Nir Magnezi | 2019-05-08 11:11:10 UTC | Target Milestone | zstream | z7 |
| Federico Iezzi | 2019-05-13 13:53:22 UTC | CC | fiezzi | |
| errata-xmlrpc | 2019-06-06 17:59:13 UTC | Status | MODIFIED | ON_QA |
| Steve Linabery | 2019-06-07 20:01:10 UTC | Status | ON_QA | MODIFIED |
| errata-xmlrpc | 2019-06-07 20:02:07 UTC | Status | MODIFIED | ON_QA |
| Steve Linabery | 2019-06-07 20:05:53 UTC | Status | ON_QA | MODIFIED |
| Steve Linabery | 2019-06-12 21:52:25 UTC | Status | MODIFIED | ON_QA |
| mgeary | 2019-06-28 11:51:26 UTC | CC | mgeary | |
| Doc Text | As a followup to the fix that resolved CVE-2018-16856, Octavia will now encrypt certificates and keys used for secure communication with amphorae, in its internal workflows. Octavia used to exclude debug-level log prints for specific tasks and flows that were explicitly specified by name, a method that is susceptive to code changes. Added a new option named server_certs_key_passphrase under the certificates section. The default value gets copied from an environment variable named TLS_PASS_AMPS_DEFAULT. In a case where TLS_PASS_AMPS_DEFAULT is not set, and the operator did not fill any other value directly, 'insecure-key-do-not-use-this-key' will be used. | Previously, keys and certificates used for internal workflow communication with octavia amphorae were unencrypted. This update adds a new option, `server_certs_key_passphrase`, in the certificates section to address this. |
||
| errata-xmlrpc | 2019-07-09 18:33:11 UTC | Status | ON_QA | RELEASE_PENDING |
| errata-xmlrpc | 2019-07-10 13:02:00 UTC | Status | RELEASE_PENDING | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2019-07-10 13:02:00 UTC | |||
| errata-xmlrpc | 2019-07-10 13:02:13 UTC | Link ID | Red Hat Product Errata RHBA-2019:1744 | |
| Nir Magnezi | 2019-09-10 14:12:44 UTC | CC | nmagnezi |
Back to bug 1686517