Description of problem:
If we break the novnc connections into three parts as below:
client browser (1) -----> novnc proxy (2) ------> compute node (3)
Then the present status is: connection from browser to proxy is encrypted, while the nonvnc proxy(on controller nodes) to compute nodes are NOT.
We would like the novnc traffic from controller node to compute nodes be encrypted as wel.
I think we need to raise a BP for this upstream to get things moving.
*** Bug 865343 has been marked as a duplicate of this bug. ***
This was accepted for Juno but the code didn't get merged due to review bandwidth.
The blueprint has been re-introduced and should make it in for Kilo.
The blueprint was accepted, and code has been posted to upstream Gerrit.
The upstream patch:
has missed the Kilo window and been deferred to Liberty-1, bumping this BZ appropriately.
This patch missed Liberty too, but I will take it up again for Mitaka. The code is basically done, so hopefully it is a exercise in rubber stamping the code review.
(In reply to Daniel Berrange from comment #16)
> This patch missed Liberty too, but I will take it up again for Mitaka. The
> code is basically done, so hopefully it is a exercise in rubber stamping the
> code review.
Unfortunately it looks like we missed Mitaka (not for want of trying), moving to next release.
Missed Newton freeze, moving out to Ocata.
*** Bug 1484394 has been marked as a duplicate of this bug. ***
*** Bug 1449307 has been marked as a duplicate of this bug. ***
*** Bug 1086964 has been marked as a duplicate of this bug. ***
Reviews available here https://review.openstack.org/#/q/branch:master+topic:bp/websocket-proxy-to-host-security
Sorry for the delay.
The various patches, all of which have now landed, can be viewed here:
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.