Bug 1086964

Summary: [RFE][nova]: Generic Framework for Securing VNC and SPICE Proxy-To-Compute-Node Connections
Product: Red Hat OpenStack Reporter: RHOS Integration <rhos-integ>
Component: openstack-novaAssignee: Eoghan Glynn <eglynn>
Status: CLOSED DUPLICATE QA Contact: Prasanth Anbalagan <panbalag>
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aludwar, cory.bannister, dasmith, eglynn, kchamart, lyarwood, markmc, sbauza, sclewis, sferdjao, sgordon, srevivo, stephenfin, vromanso, yeylon
Target Milestone: Upstream M2Keywords: FutureFeature, Reopened, Triaged
Target Release: 14.0 (Rocky)   
Hardware: Unspecified   
OS: Unspecified   
URL: https://blueprints.launchpad.net/nova/+spec/websocket-proxy-to-host-security
Whiteboard: upstream_milestone_none upstream_definition_approved upstream_status_needs-code-review
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 1449307 (view as bug list) Environment:
Last Closed: 2017-10-06 13:54:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description RHOS Integration 2014-04-12 04:04:29 UTC 
Cloned from launchpad blueprint https://blueprints.launchpad.net/nova/+spec/websocket-proxy-to-host-security.

Description:

Currently, while the noVNC and HTML5 SPICE clients can use TLS-encrypted
WebSockets to communicate with Websockify (and authenticate with Nova console
tokens), the encryption and authentication ends there.  There are neither
encryption nor authentication between Websockify and the hypervisors'
VNC and SPICE servers.

This blueprint would propose introducing a generic framework for supporting
MITM security for Websockify to use between itself and the compute nodes.


Specification URL (additional information):

None
Comment 2 Red Hat Bugzilla Rules Engine 2017-04-20 12:42:19 UTC 
This bugzilla has been removed from the release and needs to be reviewed and Triaged for another Target Release.
Comment 5 Stephen Finucane 2017-10-06 13:54:51 UTC 

*** This bug has been marked as a duplicate of bug 1025429 ***