Bug 1336504 - [RFE] TLS for internal services
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
11.0 (Ocata)
Unspecified Unspecified
high Severity high
: Upstream M2
: 12.0 (Pike)
Assigned To: Emilien Macchi
Prasanth Anbalagan
: FutureFeature, Triaged
: 1293943 1433717
Depends On: 1420946 1513437 1513440
Blocks: 1389435 1442136 1417142
Reported: 2016-05-16 12:39 EDT by Maxime Payant-Chartier
Modified: 2018-02-05 14:02 EST

Fixed In Version: openstack-tripleo-heat-templates-7.0.0-0.20170706121722.el7ost puppet-tripleo-7.1.1-0.20170706195430.76af0ab.el7ost
Doc Type: Enhancement
: 1417142
Last Closed: 2017-12-13 15:41:55 EST
Type: Feature Request
External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 282307 None None None 2016-05-16 12:45 EDT
OpenStack gerrit 474135 None None None 2017-06-28 07:56 EDT
OpenStack gerrit 478617 None None None 2017-06-28 15:52 EDT
Red Hat Product Errata RHEA-2017:3462 normal SHIPPED_LIVE Red Hat OpenStack Platform 12.0 Enhancement Advisory 2018-02-15 20:43:25 EST

Description Maxime Payant-Chartier 2016-05-16 12:39:25 EDT
Description of problem:

Adding TLS support for MariaDB, RabbitMQ and internal services endpoints.
Comment 9 Ehud 2017-01-09 04:47:56 EST
We are looking for the following with TLS:
• Does Nova communicate with Glance securely
• Is TLS enabled for authentication?
• Does cinder communicate with glance over TLS
• Does cinder communicate with nova over TLS
• Is TLS enabled on Neutron API server
Comment 12 Juan Antonio Osorio 2017-01-10 10:12:44 EST
• Does Nova communicate with Glance securely
Not yet, patches are up.
• Is TLS enabled for authentication?
Yes.
• Does cinder communicate with glance over TLS
Not yet. Cinder is using TLS for all its endpoints, but TLS for glance is in progress.
• Does cinder communicate with nova over TLS
Yes.
• Is TLS enabled on Neutron API server
Not yet. Working on that.

There are still services that don't have TLS enabled; my main delays have been trying to get services over httpd, and getting a CI job to test this upstream. The CI job is almost ready. Regarding the services: even if I spent a lot of time trying to get services such as glance, swift and heat over httpd, those won't happen in this release (and swift probably won't happen at all). So instead I'll use mod_proxy in front of these services (with the pieces to do this landing recently).
Comment 15 Red Hat Bugzilla Rules Engine 2017-01-31 20:27:40 EST
This bugzilla has been removed from the release and needs to be reviewed for targeting another release.
Comment 22 Nathan Kinder 2017-02-09 18:59:15 EST
*** Bug 1293943 has been marked as a duplicate of this bug. ***
Comment 26 Keith Basil 2017-03-20 09:34:31 EDT
*** Bug 1433717 has been marked as a duplicate of this bug. ***
Comment 35 Yves Brissette 2017-06-20 12:44:31 EDT
Adding TLS support for MariaDB, RabbitMQ and internal services endpoints are critical requirements for CBIS to achieve ANSSI compliance.
Comment 41 errata-xmlrpc 2017-12-13 15:41:55 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:3462
