Bug 1572355
Summary: | FedRAMP requires cloud providers to use TLS v1.1 as a minimum | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Harry Rybacki <hrybacki> |
Component: | puppet-tripleo | Assignee: | RHOS Maint <rhos-maint> |
Status: | CLOSED ERRATA | QA Contact: | pkomarov |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 13.0 (Queens) | CC: | aschultz, augol, chjones, dbecker, hrybacki, jjoyce, josorior, jschluet, kbasil, mburns, morazi, nlevinki, pkomarov, rhel-osp-director-maint, rhos-maint, slinaber, tvignaud |
Target Milestone: | async | Keywords: | TestOnly, Triaged, ZStream |
Target Release: | 10.0 (Newton) | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | puppet-tripleo-5.6.8-4.el7ost | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | 1572353 | Environment: | |
Last Closed: | 2018-06-27 23:30:45 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1553273, 1572353 | ||
Bug Blocks: |
Comment 1
Harry Rybacki
2018-04-26 19:28:18 UTC
According to our records, this should be resolved by puppet-tripleo-5.6.8-6.el7ost. This build is available now. Verified , [stack@undercloud-0 ~]$ ansible overcloud -b -mshell -a'rpm -qa|grep puppet-tripleo;grep ssl_version /usr/share/openstack-puppet/modules/tripleo/manifests/stunnel/service_proxy.pp' core_puddle_version : 2018-05-25.1 Minimum TLS version is enforced : controller-1 | SUCCESS | rc=0 >> puppet-tripleo-8.3.2-6.el7ost.noarch # [*ssl_version*] $ssl_version = 'TLSv1.2' controller-2 | SUCCESS | rc=0 >> puppet-tripleo-8.3.2-6.el7ost.noarch # [*ssl_version*] $ssl_version = 'TLSv1.2' controller-0 | SUCCESS | rc=0 >> puppet-tripleo-8.3.2-6.el7ost.noarch # [*ssl_version*] $ssl_version = 'TLSv1.2' overcloud-novacomputeiha-0 | SUCCESS | rc=0 >> puppet-tripleo-8.3.2-6.el7ost.noarch # [*ssl_version*] $ssl_version = 'TLSv1.2' overcloud-novacomputeiha-1 | SUCCESS | rc=0 >> puppet-tripleo-8.3.2-6.el7ost.noarch # [*ssl_version*] $ssl_version = 'TLSv1.2' Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:2101 |