Description of problem:
RHGSWA UI doesn't use ssl certification. There's authentication, but after the user is logged in, an open, non-encrypted connection is still used. More info about this can be found in the upstream issue: https://github.com/Tendrl/tendrl-ansible/issues/30

Version-Release number of selected component (if applicable):
tendrl-selinux-1.5.3-2.el7rhgs.noarch
tendrl-commons-1.5.4-3.el7rhgs.noarch
tendrl-api-httpd-1.5.4-2.el7rhgs.noarch
tendrl-grafana-selinux-1.5.3-2.el7rhgs.noarch
tendrl-ansible-1.5.4-1.el7rhgs.noarch
tendrl-node-agent-1.5.4-3.el7rhgs.noarch
tendrl-ui-1.5.4-3.el7rhgs.noarch
tendrl-grafana-plugins-1.5.4-4.el7rhgs.noarch
tendrl-notifier-1.5.4-2.el7rhgs.noarch
tendrl-api-1.5.4-2.el7rhgs.noarch
tendrl-monitoring-integration-1.5.4-4.el7rhgs.noarch

How reproducible:
100%

Steps to Reproduce:
1. Install RHGSWA
2. Log in to RHGSWA UI
3.

Actual results:
An http connection is used instead of encrypted https.

Expected results:
Https should be used.

Additional info:

Have you configured SSL to enable encrypted https? The procedure is documented at https://github.com/Tendrl/api/pull/264
Documented here as well --> https://github.com/Tendrl/documentation/wiki/Enabling-Https-on-tendrl-server
(In reply to Nishanth Thomas from comment #2)
> Documented here as well -->
> https://github.com/Tendrl/documentation/wiki/Enabling-Https-on-tendrl-server

That's valid for upstream, but in downstream the procedure is not supported, as it's not tested with SSL. Anyway, even with that procedure done, Grafana will still use a non-encrypted connection.
The SSL enablement is driven by the tendrl-ansible component. As the upstream maintainer of the component has not completed the work, it is not logically feasible to expect this to be present in a downstream version of the project. Any work on this feature would need complete delivery and availability via tendrl-ansible and only then can this be included into a release.
(In reply to sankarshan from comment #5)
> The SSL enablement is driven by the tendrl-ansible component. As the
> upstream maintainer of the component has not completed the work, it is not
> logically feasible to expect this to be present in a downstream version of
> the project. Any work on this feature would need complete delivery and
> availability via tendrl-ansible and only then can this be included into a
> release.

This is true. The tendrl core group and I agreed to leave the ssl enablement feature out of tendrl ansible, because I didn't find the suggested ssl setup complete, and the tendrl core group didn't want to block upstream on this. That said, my comment 4 still holds: if there *was* a requirement for this, we could have allocated the time in upstream to complete this.
Documented approach for enabling e2e encryption for WA will be available in BU3. Please take a look at https://bugzilla.redhat.com/show_bug.cgi?id=1634719 for details.