Back to bug 2193388
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat One Jira (issues.redhat.com) | 2023-05-05 13:34:49 UTC | Link ID | Red Hat Issue Tracker OSP-24809 | |
| Randy Rubins | 2023-05-06 06:59:08 UTC | CC | rrubins | |
| Ashish Gupta | 2023-05-08 14:28:12 UTC | CC | ashigupt | |
| QA Contact | ikanias | ashigupt | ||
| Radomir Dopieralski | 2023-05-09 11:06:52 UTC | Flags | needinfo?(jagee) | |
| Radomir Dopieralski | 2023-05-11 14:34:41 UTC | Status | NEW | ON_DEV |
| Damien Ciabrini | 2023-06-16 18:36:54 UTC | CC | dciabrin | |
| Link ID | OpenStack gerrit 886290 | |||
| Mikolaj Ciecierski | 2023-06-30 15:14:28 UTC | CC | mciecier | |
| Flags | needinfo?(dciabrin) | |||
| Radomir Dopieralski | 2023-08-10 16:14:17 UTC | Assignee | rhos-maint | rdopiera |
| Severity | medium | urgent | ||
| Link ID | OpenStack gerrit 883129 | |||
| Target Milestone | --- | z1 | ||
| Target Release | --- | 17.1 | ||
| Priority | unspecified | high | ||
| RHEL Program Management | 2023-08-10 16:14:26 UTC | Target Release | 17.1 | --- |
| Radomir Dopieralski | 2023-08-11 07:34:35 UTC | Severity | urgent | medium |
| Radomir Dopieralski | 2023-08-11 07:35:11 UTC | Status | ON_DEV | ASSIGNED |
| Keywords | Triaged | |||
| RHEL Program Management | 2023-08-11 07:35:20 UTC | Target Release | --- | 17.1 |
| Radomir Dopieralski | 2023-08-11 07:36:01 UTC | Status | ASSIGNED | ON_DEV |
| Mike Burns | 2023-08-11 13:59:33 UTC | Target Milestone | z1 | z2 |
| Radomir Dopieralski | 2023-08-14 15:52:05 UTC | Target Milestone | z2 | z1 |
| Paul Grist | 2023-08-15 12:24:08 UTC | CC | pgrist | |
| Doc Type | If docs needed, set a value | Known Issue | ||
| Chris Jones | 2023-08-15 12:50:36 UTC | Doc Text | Cause: Horizon is currently configured to validate client TLS certificates, which is an incorrect default. Consequence: This causes all TLS-Everywhere deployments to have a broken Horizon install - it will reject incoming HTTPS requests from HAProxy because HAProxy does not present (nor should it), a client certificate. Workaround (if any): The workaround is to override the incorrect default using ExtraConfig. They would create a file with the following YAML, and then pass the filename with the -e option of the overcloud deploy command. parameter_defaults: ControllerExtraConfig: horizon::ssl_verify_client: none Result: Horizon will be deployed as expected and will work. | |
| CC | chjones | |||
| Irina | 2023-08-15 13:44:33 UTC | CC | igallagh | |
| Doc Text | Cause: Horizon is currently configured to validate client TLS certificates, which is an incorrect default. Consequence: This causes all TLS-Everywhere deployments to have a broken Horizon install - it will reject incoming HTTPS requests from HAProxy because HAProxy does not present (nor should it), a client certificate. Workaround (if any): The workaround is to override the incorrect default using ExtraConfig. They would create a file with the following YAML, and then pass the filename with the -e option of the overcloud deploy command. parameter_defaults: ControllerExtraConfig: horizon::ssl_verify_client: none Result: Horizon will be deployed as expected and will work. | The Dashboard service (horizon) is currently configured to validate client TLS certificates by default, which breaks the Dashboard service on all TLS everywhere (TLS-e) deployments. Workaround: . Add the following configuration to an environment file: + ---- parameter_defaults: ControllerExtraConfig: horizon::ssl_verify_client: none ---- . Add the environment file to the stack with your other environment files and deploy the overcloud: + ---- (undercloud)$ openstack overcloud deploy --templates \ -e [your environment files] \ -e /home/stack/templates/<environment_file>.yaml ---- |
||
| Takashi Kajinami | 2023-08-15 15:20:03 UTC | CC | tkajinam | |
| Irina | 2023-08-15 15:45:59 UTC | Doc Text | The Dashboard service (horizon) is currently configured to validate client TLS certificates by default, which breaks the Dashboard service on all TLS everywhere (TLS-e) deployments. Workaround: . Add the following configuration to an environment file: + ---- parameter_defaults: ControllerExtraConfig: horizon::ssl_verify_client: none ---- . Add the environment file to the stack with your other environment files and deploy the overcloud: + ---- (undercloud)$ openstack overcloud deploy --templates \ -e [your environment files] \ -e /home/stack/templates/<environment_file>.yaml ---- | The Dashboard service (horizon) is currently configured to validate client TLS certificates by default, which breaks the Dashboard service on all TLS everywhere (TLS-e) deployments. + Workaround: . Add the following configuration to an environment file: + ---- parameter_defaults: ControllerExtraConfig: horizon::ssl_verify_client: none ---- . Add the environment file to the stack with your other environment files and deploy the overcloud: + ---- (undercloud)$ openstack overcloud deploy --templates \ -e [your environment files] \ -e /home/stack/templates/<environment_file>.yaml ---- |
Back to bug 2193388