Bug 1299165 - Enable SSL middleware for Cinder & Nova & Horizon in puppet-tripleo
Enable SSL middleware for Cinder & Nova & Horizon in puppet-tripleo
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-puppet-modules (Show other bugs)
7.0 (Kilo)
All Linux
urgent Severity urgent
: z4
: 7.0 (Kilo)
Assigned To: Emilien Macchi
Alexander Chuzhoy
: ZStream
Depends On:
  Show dependency treegraph
Reported: 2016-01-16 14:44 EST by Emilien Macchi
Modified: 2016-10-11 09:30 EDT (History)
4 users (show)

See Also:
Fixed In Version: openstack-puppet-modules-2015.1.8-40.el7ost
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-02-18 11:44:34 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 268230 None None None 2016-01-16 14:45 EST
OpenStack gerrit 268288 None None None 2016-01-16 14:46 EST
OpenStack gerrit 268647 None None None 2016-01-16 14:46 EST
Red Hat Product Errata RHBA-2016:0265 normal SHIPPED_LIVE openstack-packstack and openstack-puppet-modules bug fix advisory 2016-02-18 16:41:18 EST

  None (edit)
Description Emilien Macchi 2016-01-16 14:44:21 EST
We need to backport https://review.openstack.org/#/c/268230 and https://review.openstack.org/#/c/268230 in OPM so we can enable SSL in OSP7 for nova & cinder API services.
Comment 1 Emilien Macchi 2016-01-16 14:45:06 EST
Also Horizon: https://review.openstack.org/#/c/268288/
Comment 10 Alexander Chuzhoy 2016-01-28 15:20:23 EST

So for cinder:
In /etc/cinder/api-paste.ini we now have the following:


Checking a deployment with SSL:
grep rsprep  /etc/haproxy/haproxy.cfg

  rsprep ^Location:\ http://(.*) Location:\ https://\1

Nova was deemed unnecessary for the purposes of enabling public endpoints in the overcloud
Comment 13 errata-xmlrpc 2016-02-18 11:44:34 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.