Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 903813

Summary: Configure Horizon to use HTTPS by default.
Product: Red Hat OpenStack Reporter: Stephen Gordon <sgordon>
Component: openstack-packstackAssignee: Martin Magr <mmagr>
Status: CLOSED ERRATA QA Contact: Nir Magnezi <nmagnezi>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 2.1CC: aortega, derekh, fpercoco, jhenner, ykaul
Target Milestone: snapshot4Keywords: Triaged
Target Release: 2.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-packstack-2012.2.3-0.1.dev454 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-21 18:25:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Stephen Gordon 2013-01-24 21:25:42 UTC 
Description of problem:

While doing the documentation for Bug # 889118 ("Please add a hint to firewall, and also use https") I noticed that on my packstack deployment it appears that only http is opened in the firewall. From /etc/sysconfig/iptables:

-A INPUT -p tcp -m multiport --dports 80 -m comment --comment "001 horizon incoming" -j ACCEPT

I think we should default to HTTPS here if possible (or at worst both HTTP and HTTPS)?

Version-Release number of selected component (if applicable):

openstack-packstack-2012.2.2-0.5.dev318.el6ost.noarch
Comment 1 Flavio Percoco 2013-01-25 14:23:57 UTC 
Enabling both port looks right to me!
Comment 2 Derek Higgins 2013-02-22 16:28:55 UTC 
Fix submitted upstream
https://review.openstack.org/#/c/22698/

The default self signed certs are used so 
1. a warning is being output
 * NOTE : You should change the ssl certificates used to a your own CA signed cert

2. this is not the default CONFIG_HORIZON_SSL must be set to 'y' otherwise plain text will be used.
Comment 4 Nir Magnezi 2013-03-06 14:30:10 UTC 
Verified NVR: openstack-packstack-2012.2.3-0.1.dev454.el6ost.noarch

1. Installed OpenStack via packstack, While setting CONFIG_HORIZON_SSL attribute to 'y'

Verified that:
httpd now listen both to 80 and 443
horizon accepts connections in http and https
Comment 7 errata-xmlrpc 2013-03-21 18:25:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0671.html