Bug 1293943

| Field | Value |
|---|---|
| Summary | SSL For Endpoints on the Internal Network |
| Product | Red Hat OpenStack |
| Component | pyOpenSSL |
| Version | 7.0 (Kilo) |
| Status | CLOSED DUPLICATE |
| Severity | high |
| Priority | high |
| Reporter | Jeremy <jmelvin> |
| Assignee | Nathan Kinder <nkinder> |
| QA Contact | Shai Revivo <srevivo> |
| CC | apevec, jruzicka, mburns, panbalag, srevivo |
| Hardware | Unspecified |
| OS | Unspecified |
| Doc Type | Bug Fix |
| Type | Bug |
| Last Closed | 2017-02-09 23:59:15 UTC |

*** This bug has been marked as a duplicate of bug 1336504 ***

Created attachment 1108979: sample haproxy.conf from one of the controllers

Description of problem:

We currently have ssl implemented via haproxy for horizon and keystone for public VIP. We want to make sure that the internal API endpoints are also using SSL to secure sensitive communication. If an authorized user, let's say a sysadmin, logs into a node on a cluster, that person can see and capture information that is passed in the clear to api endpoints. We would like to make sure that internal APIs are being used over SSL.

browser - (https)-> horizon -(http) -> internal API(s)

CLI -(https)-> keystone pub haproxy -(http)->internal keystone API

Needs to be:

browser - (https)-> horizon -(httpS) -> internal API(s)

CLI -(https)-> keystone pub haproxy -(httpS)->internal keystone API

Additional info: