Bug 1230890
Summary: | The undercloud does not support ssl for OpenStack endpoints | |||
---|---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Ben Nemec <bnemec> | |
Component: | rhosp-director | Assignee: | Ben Nemec <bnemec> | |
Status: | CLOSED ERRATA | QA Contact: | Alexander Chuzhoy <sasha> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | high | |||
Version: | Director | CC: | avozza, brad, jslagle, kbasil, mburns, rhel-osp-director-maint, sasha | |
Target Milestone: | ga | Keywords: | Triaged | |
Target Release: | Director | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | os-cloud-config-0.2.8-5.el7ost openstack-ironic-discoverd-1.1.0-5.el7ost python-rdomanager-oscplugin-0.0.8-22.el7ost instack-undercloud-2.1.2-19.el7ost | Doc Type: | Enhancement | |
Doc Text: |
Feature:
SSL support for the OpenStack API endpoints in the Undercloud has been added. The feature is implemented with an HAProxy instance bound to virtual IP's and does SSL termination.
The SSL support is optional, and disabled by default. To enable the support, configure the undercloud_public_vip, undercloud_admin_vip, and undercloud_service_certificate options in undercloud.conf prior to running "openstack undercloud install".
Reason:
Having SSL support for the OpenStack API endpoints in the Undercloud results in a more secure OpenStack installation.
Result:
SSL is used to encrypt all traffic between clients and the OpenStack API endpoints.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1238422 (view as bug list) | Environment: | ||
Last Closed: | 2015-08-05 13:53:26 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 1238422 | |||
Bug Blocks: |
Description
Ben Nemec
2015-06-11 17:26:43 UTC
*** Bug 1234384 has been marked as a duplicate of this bug. *** ben looking into the failure here had to revert this one: https://code.engineering.redhat.com/gerrit/#/c/52570/ the revert is built into: instack-undercloud-2.1.2-17.el7ost.noarch.rpm New patch posted that fixes the problem with non-SSL underclouds. Verified: Environment: instack-undercloud-2.1.2-21.el7ost.noarch Was able to deploy an overcloud on top of undercloud with enabled SSL. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2015:1549 |