Bug 1613161
Summary: | [OSP13] with tls-everywhere connection from haproxy -> novnc proxy is not encrypted | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Martin Schuppert <mschuppe> |
Component: | openstack-tripleo-heat-templates | Assignee: | Martin Schuppert <mschuppe> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Archit Modi <amodi> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 13.0 (Queens) | CC: | agurenko, bperkins, eglynn, jschluet, lmarsh, lyarwood, marjones, mbooth, mburns, mschuppe, owalsh, pmorey, rlondhe, rrasouli, slinaber, yprokule |
Target Milestone: | z4 | Keywords: | TestOnly, Triaged, ZStream |
Target Release: | 13.0 (Queens) | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | puppet-nova-12.4.0-7.el7ost puppet-tripleo-8.3.4-11.el7ost openstack-tripleo-heat-templates-8.0.4-32.el7ost | Doc Type: | Bug Fix |
Doc Text: |
In a tls-everywhere scenario for VNC, the following TLS connections exist:
- client -> haproxy
- novncproxy -> vnc server (instance)
However, the connection from haproxy to nova novncproxy was not encrypted, resulting in an unencrypted local connection from haproxy to nova novnc-proxy service on the controller. With this release, the connection from haproxy to nova novnc-proxy service is encrypted.
|
Story Points: | --- |
Clone Of: | 1613158 | Environment: | |
Last Closed: | 2018-12-13 11:45:08 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1613158, 1644747 | ||
Bug Blocks: | 1613255 |
Description
Martin Schuppert
2018-08-07 07:20:29 UTC
*** Bug 1617900 has been marked as a duplicate of this bug. *** *** Bug 1618983 has been marked as a duplicate of this bug. *** According to our records, this should be resolved by openstack-tripleo-common-8.6.3-13.el7ost. This build is available now. Note - blocked by issue in: https://bugzilla.redhat.com/show_bug.cgi?id=1644747 |