Bug 1613161

Summary: [OSP13] with tls-everywhere connection from haproxy -> novnc proxy is not encrypted
Product: Red Hat OpenStack
Reporter: Martin Schuppert <mschuppe>
Component: openstack-tripleo-heat-templates
Assignee: Martin Schuppert <mschuppe>
Status: CLOSED CURRENTRELEASE
QA Contact: Archit Modi <amodi>
Severity: high
Priority: high
Version: 13.0 (Queens)
CC: agurenko, bperkins, eglynn, jschluet, lmarsh, lyarwood, marjones, mbooth, mburns, mschuppe, owalsh, pmorey, rlondhe, rrasouli, slinaber, yprokule
Target Milestone: z4
Keywords: TestOnly, Triaged, ZStream
Target Release: 13.0 (Queens)
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: puppet-nova-12.4.0-7.el7ost puppet-tripleo-8.3.4-11.el7ost openstack-tripleo-heat-templates-8.0.4-32.el7ost
Doc Type: Bug Fix
Doc Text:
In a tls-everywhere scenario for VNC, the following TLS connections exist:
- client -> haproxy
- novncproxy -> vnc server (instance)

However, the connection from haproxy to nova novncproxy was not encrypted, resulting in an unencrypted local connection from haproxy to nova novnc-proxy service on the controller. With this release, the connection from haproxy to nova novnc-proxy service is encrypted.
Story Points: ---
Clone Of: 1613158
Last Closed: 2018-12-13 11:45:08 UTC
Type: Bug
Bug Depends On: 1613158, 1644747    
Bug Blocks: 1613255    

Description Martin Schuppert 2018-08-07 07:20:29 UTC
+++ This bug was initially created as a clone of Bug #1613158 +++

Description of problem:

When tls-everywhere is configured we have TLS connections from:
- client -> haproxy
- novncproxy -> vnc server (instance)

but the connection from haproxy -> nova novncproxy is not encrypted

Version-Release number of selected component (if applicable):
OSP13
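
One way to check a deployed haproxy configuration for the gap described above (an added example, not part of the bug report or of the TripleO code): the script reports every `listen` section that terminates TLS on a `bind` line but forwards to `server` lines without the `ssl` keyword. The sample configuration, section names, addresses and file paths are constructed placeholders, and split `frontend`/`backend` pairs are not correlated.

```python
SECTION_KEYWORDS = {"global", "defaults", "listen", "frontend", "backend"}

# Constructed sample: section names, addresses and paths are placeholders.
SAMPLE_CFG = """\
listen nova_novncproxy
  bind 192.0.2.5:13080 transparent ssl crt /etc/example/public.pem
  bind 198.51.100.5:6080 transparent ssl crt /etc/example/internal.pem
  server controller-0 198.51.100.10:6080 check fall 5 inter 2000 rise 2
  server controller-1 198.51.100.11:6080 check fall 5 inter 2000 rise 2

listen nova_osapi
  bind 192.0.2.5:13774 transparent ssl crt /etc/example/public.pem
  server controller-0 198.51.100.10:8774 ssl check verify required ca-file /etc/example/ca.crt
"""


def plaintext_backends(cfg_text):
    """Return (section, server) pairs where TLS ends at haproxy:
    the section has an `ssl` bind but the server line has no `ssl`."""
    sections = {}   # section name -> {"tls_bind": bool, "servers": [(name, opts)]}
    current = None
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not words:
            continue
        if words[0] in SECTION_KEYWORDS:
            name = words[1] if len(words) > 1 else words[0]
            current = sections.setdefault(name, {"tls_bind": False, "servers": []})
        elif current is not None and words[0] == "bind":
            # bind <address> [options...]; `ssl` enables TLS on the listener
            current["tls_bind"] |= "ssl" in words[2:]
        elif current is not None and words[0] == "server" and len(words) >= 3:
            # server <name> <address> [options...]; `ssl` enables TLS to the backend
            current["servers"].append((words[1], words[3:]))
    return [(sec, srv)
            for sec, info in sections.items() if info["tls_bind"]
            for srv, opts in info["servers"] if "ssl" not in opts]


if __name__ == "__main__":
    for section, server in plaintext_backends(SAMPLE_CFG):
        print(f"{section}: server {server} is reached without TLS")
```

A server line that carries `ssl` but no `verify required` encrypts the hop without authenticating the backend, so that option is worth checking as well.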

Comment 4 Michele Baldessari 2018-08-16 09:00:11 UTC
*** Bug 1617900 has been marked as a duplicate of this bug. ***

Comment 7 Rajesh Tailor 2018-08-24 11:31:23 UTC
*** Bug 1618983 has been marked as a duplicate of this bug. ***

Comment 12 Lon Hohberger 2018-10-03 10:34:47 UTC
According to our records, this should be resolved by openstack-tripleo-common-8.6.3-13.el7ost.  This build is available now.

Comment 28 Martin Schuppert 2018-11-13 15:07:09 UTC
Note - blocked by issue in:

https://bugzilla.redhat.com/show_bug.cgi?id=1644747