Bug 1623938

Summary: TLS backend encryption
Product: Red Hat OpenStack Reporter: Bernard Cafarelli <bcafarel>
Component: openstack-octaviaAssignee: Brent Eagles <beagles>
Status: ON_DEV --- QA Contact: Bruna Bonguardo <bbonguar>
Severity: medium Docs Contact:
Priority: medium    
Version: 17.0 (Wallaby)CC: beagles, cgoncalves, gregraka, gthiemon, ihrachys, lpeer, ltomasbo, majopela, michjohn, spower, tfreger
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 2230082 (view as bug list) Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2230082    

Description Bernard Cafarelli 2018-08-30 13:52:23 UTC 
Support the upstream effort to implement backend re-encryption
(in considerations list for Octavia 4.0+)
Comment 4 Carlos Goncalves 2019-03-20 16:54:29 UTC 
Feature is added in Stein. No tempest tests proposed at this time. Pushing decision to support backend re-encryption for OSP 16 (Train).
Comment 5 Toni Freger 2019-04-15 05:27:14 UTC 
qe_nack from my side.
Due to lack of resources we won't be able to test this one.
Comment 9 Carlos Goncalves 2020-03-14 14:27:45 UTC 
Partially implemented. SDK, Dashboard and Tempest incomplete.
Comment 10 Carlos Goncalves 2020-03-14 14:29:44 UTC 
TLS-terminated load balancer traffic flows unencrypted between the load balancer and backend servers which may pose a security risk. Load balancers should be able to encrypt internal traffic.

https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-load-balancer-with-backend-re-encryption
Comment 13 Scott Lewis 2020-04-19 19:06:24 UTC 
Removing Target Milestone; please replan