1299165 – Enable SSL middleware for Cinder & Nova & Horizon in puppet-tripleo

Bug 1299165 - Enable SSL middleware for Cinder & Nova & Horizon in puppet-tripleo

Summary: Enable SSL middleware for Cinder & Nova & Horizon in puppet-tripleo

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-puppet-modules
Sub Component:
Version:	7.0 (Kilo)
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	z4
Target Release:	7.0 (Kilo)
Assignee:	Emilien Macchi
QA Contact:	Alexander Chuzhoy
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-01-16 19:44 UTC by Emilien Macchi
Modified:	2016-10-11 13:30 UTC (History)
CC List:	4 users (show)
Fixed In Version:	openstack-puppet-modules-2015.1.8-40.el7ost
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-02-18 16:44:34 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	268230	None	None	None	2016-01-16 19:45:48 UTC
OpenStack gerrit	268288	None	None	None	2016-01-16 19:46:53 UTC
OpenStack gerrit	268647	None	None	None	2016-01-16 19:46:13 UTC
Red Hat Product Errata	RHBA-2016:0265	normal	SHIPPED_LIVE	openstack-packstack and openstack-puppet-modules bug fix advisory	2016-02-18 21:41:18 UTC

Description Emilien Macchi 2016-01-16 19:44:21 UTC

We need to backport https://review.openstack.org/#/c/268230 and https://review.openstack.org/#/c/268230 in OPM so we can enable SSL in OSP7 for nova & cinder API services.

Comment 1 Emilien Macchi 2016-01-16 19:45:06 UTC

Also Horizon: https://review.openstack.org/#/c/268288/

Comment 10 Alexander Chuzhoy 2016-01-28 20:20:23 UTC

Verified:
Environment:
openstack-puppet-modules-2015.1.8-45.el7ost.noarch


So for cinder:
In /etc/cinder/api-paste.ini we now have the following:

[filter:ssl_header_handler]
paste.filter_factory=oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory


Horizon:
Checking a deployment with SSL:
grep rsprep  /etc/haproxy/haproxy.cfg

  rsprep ^Location:\ http://(.*) Location:\ https://\1


Nova was deemed unnecessary for the purposes of enabling public endpoints in the overcloud

Comment 13 errata-xmlrpc 2016-02-18 16:44:34 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0265.html

Note You need to log in before you can comment on or make changes to this bug.