Bug 1115896 - Novnc should be set up with https
Summary: Novnc should be set up with https
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack
Version: 5.0 (RHEL 7)
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: z5
: 5.0 (RHEL 7)
Assignee: Gaël Chamoulaud
QA Contact: Ido Ovadia
URL:
Whiteboard:
: 1116903 (view as bug list)
Depends On:
Blocks: 1256878
TreeView+ depends on / blocked
 
Reported: 2014-07-03 09:53 UTC by Julie Pichon
Modified: 2015-09-10 11:36 UTC (History)
10 users (show)

Fixed In Version: openstack-packstack-2014.1.1-0.47.dev1288.el7ost
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1256878 (view as bug list)
Environment:
Last Closed: 2015-09-10 11:36:23 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 109011 0 None None None Never
OpenStack gerrit 125055 0 None None None Never
OpenStack gerrit 210450 0 None None None Never
Red Hat Product Errata RHBA-2015:1746 0 normal SHIPPED_LIVE openstack-packstack and openstack-puppet-modules bug fix advisory 2015-09-10 15:36:02 UTC

Description Julie Pichon 2014-07-03 09:53:58 UTC 
Description of problem:
Nova novnc isn't set up to use https, which can cause issues for example when Horizon is set up to use SSL (this causes bug 1102660).

When I set CONFIG_HORIZON_SSL=y in Packstack only Horizon gets set up with SSL, novnc doesn't. This causes the console to not be displayed when looking at an instance's details. This only happens when Horizon is on SSL and novnc without. Once I set up Nova to provide the VNC console with SSL (updating the baseurl etc in /etc/nova/nova.conf), it gets displayed correctly in Horizon.

Version-Release number of selected component (if applicable):
openstack-packstack-2014.1.1-0.13.dev1068 (from the original bug, but I was able to reproduce this with a more recent release a few weeks ago)

How reproducible:
100%

Steps to Reproduce:
1. Set CONFIG_HORIZON_SSL=y
2. Browse to: https://<FQDN>/dashboard/project/instances/<INSTANCE_UUID>/

Actual results:
3. The console doesn't display

Expected results:
3. The console should display, and will if it is set to https


Additional info:
Rather than changing the component for bug 1102660, I thought it'd be easier to open a new bug to make the actual issue clearer rather than lost in the history.
Comment 2 Gaël Chamoulaud 2014-07-22 20:59:31 UTC 
*** Bug 1116903 has been marked as a duplicate of this bug. ***
Comment 6 Ido Ovadia 2014-09-21 14:34:26 UTC 
Failed QA
=========

The console doesn't display

openstack-packstack-puppet-2014.1.1-0.41.dev1251.el7ost.noarch
Comment 7 Stephen Gordon 2014-09-24 20:17:05 UTC 
Moving to A2 unless this is a regression?
Comment 9 Julie Pichon 2014-09-24 23:19:57 UTC 
Agreed, this is not a regression.
Comment 11 Ido Ovadia 2014-10-30 13:56:29 UTC 
The bug reproduced on:
openstack-packstack-puppet-2014.2-0.4.dev1266.g63d9c50.el7.centos.noarch

Aditional info:
===============
When changing the URL from 
https://<FQDN>/dashboard/project/instances/<INSTANCE_UUID>/ 
to
http://<FQDN>/dashboard/project/instances/<INSTANCE_UUID>/
the console is opend. 

Is it additional bug? a security bug?
Comment 15 Ido Ovadia 2015-03-30 13:36:31 UTC 
Failed QA
=========

The console doesn't display

Failed to connect to server (code: 1006)
Comment 17 Ivan Chavero 2015-08-13 01:02:37 UTC 

-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers
Comment 19 Ido Ovadia 2015-09-02 14:31:13 UTC 
Verified
========
openstack-packstack-2014.1.1-0.48.dev1289.el7ost.noarch
Comment 21 errata-xmlrpc 2015-09-10 11:36:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1746.html
Note You need to log in before you can comment on or make changes to this bug.