Bug 1155378

Summary: [RFE][sahara]: More-Security-Sahara-Support-Https
Product: Red Hat OpenStack Reporter: RHOS Integration <rhos-integ>
Component: openstack-saharaAssignee: Elise Gafford <egafford>
Status: CLOSED ERRATA QA Contact: Luigi Toscano <ltoscano>
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: kbasil, markmc, matt, mimccune, mlopes, yeylon
Target Milestone: Upstream M2Keywords: FutureFeature
Target Release: 7.0 (Kilo)   
Hardware: Unspecified   
OS: Unspecified   
URL: https://blueprints.launchpad.net/sahara/+spec/sahara-support-https
Whiteboard: upstream_milestone_kilo-2 upstream_definition_approved upstream_status_implemented
Fixed In Version: openstack-sahara-2015.1.0-2.el7ost Doc Type: Enhancement
Doc Text:
With this enhancement, the Sahara API now fully supports the HTTPS protocol.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-05 13:15:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description RHOS Integration 2014-10-22 04:00:57 UTC 
Cloned from launchpad blueprint https://blueprints.launchpad.net/sahara/+spec/sahara-support-https.

Description:

For more security, sahara need to support https.

Specification URL (additional information):

None
Comment 4 Luigi Toscano 2015-07-17 15:59:20 UTC 
Verified that Sahara can be configured to use SSL endpoints (https). The configuration requires setting two parameters (cert_file and key_file) in the [ssl] section of sahara.conf, and the creation of endpoints with https instead of http in the URL. When the https endpoints are defined, even if the http are still available, the sahara CLI client requires already the parameter with the public certificate of the CA.

Verification of Sahara ability to communicate using SSL with other components has been postponed, due to other components configuration issues. 

Verified on RHEL 7.1, with RHEL-OSP7 packages:
openstack-sahara-common-2015.1.0-5.el7ost.noarch
openstack-sahara-engine-2015.1.0-5.el7ost.noarch
openstack-sahara-api-2015.1.0-5.el7ost.noarch
python-saharaclient-0.9.0-1.el7ost.noarch
Comment 6 errata-xmlrpc 2015-08-05 13:15:16 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2015:1548