Bug 1516301

Summary: missing ssl connection
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: Lubos Trilety <ltrilety>
Component: web-admin-tendrl-uiAssignee: Timothy Asir <tjeyasin>
Status: CLOSED CURRENTRELEASE QA Contact: sds-qe-bugs
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rhgs-3.3CC: dahorak, gshanmug, julim, mbukatov, nthomas, rhs-bugs, sankarshan
Target Milestone: ---Keywords: Security, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-05-09 10:27:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1516293, 1642574    
Bug Blocks:    

Description Lubos Trilety 2017-11-22 12:36:33 UTC 
Description of problem:
RHGSWA UI doesn't use ssl certification. There's authentication, but after user is logged in, open not-encrypted connection is still used.

More info about this can be found in upstream issue:
https://github.com/Tendrl/tendrl-ansible/issues/30


Version-Release number of selected component (if applicable):
tendrl-selinux-1.5.3-2.el7rhgs.noarch
tendrl-commons-1.5.4-3.el7rhgs.noarch
tendrl-api-httpd-1.5.4-2.el7rhgs.noarch
tendrl-grafana-selinux-1.5.3-2.el7rhgs.noarch
tendrl-ansible-1.5.4-1.el7rhgs.noarch
tendrl-node-agent-1.5.4-3.el7rhgs.noarch
tendrl-ui-1.5.4-3.el7rhgs.noarch
tendrl-grafana-plugins-1.5.4-4.el7rhgs.noarch
tendrl-notifier-1.5.4-2.el7rhgs.noarch
tendrl-api-1.5.4-2.el7rhgs.noarch
tendrl-monitoring-integration-1.5.4-4.el7rhgs.noarch

How reproducible:
100%

Steps to Reproduce:
1. Install RHGSWA
2. Log in to RHGSWA UI
3.

Actual results:
http connection is used instead of encrypted https.

Expected results:
Https should be used.

Additional info:
Comment 1 Nishanth Thomas 2017-11-22 12:55:35 UTC 
Have you configured SSL to enable encrypted https?
The procedure is documented at https://github.com/Tendrl/api/pull/264
Comment 2 Nishanth Thomas 2017-11-22 12:58:49 UTC 
Documented at here as well --> https://github.com/Tendrl/documentation/wiki/Enabling-Https-on-tendrl-server
Comment 3 Lubos Trilety 2017-11-22 13:11:23 UTC 
(In reply to Nishanth Thomas from comment #2)
> Documented at here as well -->
> https://github.com/Tendrl/documentation/wiki/Enabling-Https-on-tendrl-server

That's valid for upstream but in downstream the procedure is not supported. As it's not tested with SSL.

Anyway even with that procedure made Grafana will still use not-encrypted connection.
Comment 5 sankarshan 2017-11-23 09:30:01 UTC 
The SSL enablement is driven by the tendrl-ansible component. As the upstream maintainer of the component has not completed the work, it is not logically feasible to expect this to be present in a downstream version of the project. Any work on this feature would need complete delivery and availability via tendrl-ansible and only then can this be included into a release.
Comment 7 Martin Bukatovic 2017-12-04 13:41:31 UTC 
(In reply to sankarshan from comment #5)
> The SSL enablement is driven by the tendrl-ansible component. As the
> upstream maintainer of the component has not completed the work, it is not
> logically feasible to expect this to be present in a downstream version of
> the project. Any work on this feature would need complete delivery and
> availability via tendrl-ansible and only then can this be included into a
> release.

This is true. Myself and tendrl core group agreed to left the ssl enablement
feature out of tendrl ansible, because I didn't find the suggested ssl setup
complete, and tendrl core group didn't want to block upstream on this.

That said, my comment 4 still holds, if there *was* a requirement for this,
we could have allocated the time in upstream to complete this.
Comment 10 Nishanth Thomas 2019-01-08 16:46:33 UTC 
Documented approach for enabling e2e encryption for WA will be available in BU3. Please take a look at https://bugzilla.redhat.com/show_bug.cgi?id=1634719 for details.