Bug 1534484 - RFE: [Deployment] Encrypt vnc traffic from controller node to compute nodes if ssl_only turned on
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: puppet-tripleo
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: high
Target Milestone: beta
Target Release: 13.0 (Queens)
Assigned To: Ollie Walsh
Archit Modi
https://blueprints.launchpad.net/nova...
upstream_milestone_none upstream_defi...
Keywords: FutureFeature, Triaged
Depends On: encrypt_vnc_traffic 1539408 1563173
Blocks: 1419948 1442136 1077198
Reported: 2018-01-15 05:51 EST by Stephen Finucane
Modified: 2018-06-27 09:42 EDT (History)

See Also:
Fixed In Version: puppet-tripleo-8.3.1-0.20180304033907.ed3285e.el7ost openstack-tripleo-heat-templates-8.0.0-0.20180304031147.el7ost
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: encrypt_vnc_traffic
Environment:
Last Closed: 2018-06-27 09:42:10 EDT
Type: Bug
External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 535698 None master: MERGED puppet-nova: Add support for VNC TLS (I24a9841ba04c95df27599b4d7ac2da8416e751e5) 2018-03-16 14:14 EDT
OpenStack gerrit 536404 None master: MERGED puppet-tripleo: Add support for libvirt VNC TLS with option of a dedicated CA (Ic73bcbdbecc1bc05f43acdd5480370f37ead3fb8... 2018-03-16 14:14 EDT
OpenStack gerrit 550093 None stable/queens: MERGED tripleo-heat-templates: Add support for libvirt VNC TLS (I67ffd847dc2d1949833a9d7039ad51e4364e02da) 2018-03-16 14:13 EDT
Red Hat Product Errata RHEA-2018:2086 None None None 2018-06-27 09:42 EDT

Comment 11 Jon Schlueter 2018-03-16 14:16:46 EDT
removing master patch as stable/queens patch is landed
Comment 21 Damien Ciabrini 2018-04-03 06:10:29 EDT
When deploying OSP13 2018-03-29.1, I get a deployment failure at Step1:

        "Notice: /Stage[main]/Tripleo::Certmonger::Ca::Crl/Exec[tripleo-ca-crl-process-command]: Dependency File[tripleo-ca-crl] has failures: true", 

Which apparently is due to a SELinux denial:

    [root@compute-1 ~]# /usr/bin/getcert list -i libvirt-vnc-server-cert
    Number of certificates and requests being tracked: 4.
    Request ID 'libvirt-vnc-server-cert':
            status: NEED_CA_CERT_SAVE_PERMS
            stuck: yes
            key pair storage: type=FILE,location='/etc/pki/libvirt-vnc/server-key.pem'
            certificate: type=FILE,location='/etc/pki/libvirt-vnc/server-cert.pem'
            CA: IPA
            issuer:
            subject:
            expires: unknown
            pre-save command:
            post-save command: "systemctl reload libvirtd"
            track: yes
            auto-renew: yes
     
    [root@compute-1 ~]# grep -i denied /var/log/audit/audit.log
    type=AVC msg=audit(1522743223.463:133): avc:  denied  { create } for  pid=15813 comm="certmonger" name="vnc.crt" scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
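
A triage sketch for the failure reported in comment 21, added here as an example and not part of the original comment or of certmonger or TripleO: it parses `getcert list` output and AVC records, then pairs stuck requests with SELinux denials logged for the certmonger process. The function names, the `_PERMS` suffix match and the pairing by process name only are assumptions; the input is copied from the comment.

```python
import re

# Input copied from the comment above (trimmed to the fields used here).
GETCERT_OUTPUT = """\
Number of certificates and requests being tracked: 4.
Request ID 'libvirt-vnc-server-cert':
        status: NEED_CA_CERT_SAVE_PERMS
        stuck: yes
        certificate: type=FILE,location='/etc/pki/libvirt-vnc/server-cert.pem'
"""
AUDIT_LOG = (
    'type=AVC msg=audit(1522743223.463:133): avc:  denied  { create } for  '
    'pid=15813 comm="certmonger" name="vnc.crt" '
    'scontext=system_u:system_r:certmonger_t:s0 '
    'tcontext=system_u:object_r:etc_t:s0 tclass=file\n')

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    rec["perms"] = m.group(1).split()
    # A context is user:role:type:level; the type is what policy rules match.
    rec["source_type"] = rec.get("scontext", ":::").split(":")[2]
    rec["target_type"] = rec.get("tcontext", ":::").split(":")[2]
    return rec

def parse_getcert(text):
    """Map request ID -> {field: value} from `getcert list` output."""
    requests, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Request ID '([^']+)':", line)
        if m:
            current = requests.setdefault(m.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            current[key] = value.strip()
    return requests

def stuck_with_denials(getcert_text, audit_text, comm="certmonger"):
    """Pair stuck *_PERMS requests with AVC denials logged for `comm`."""
    denials = [d for d in map(parse_avc, audit_text.splitlines())
               if d and d.get("comm") == comm]
    return {rid: denials for rid, f in parse_getcert(getcert_text).items()
            if f.get("stuck") == "yes" and f.get("status", "").endswith("_PERMS")}
```

On the input from the comment this reports that `certmonger_t` was denied `create` on a `file` named `vnc.crt` in a directory labelled `etc_t`, against the stuck `libvirt-vnc-server-cert` request.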
Comment 29 errata-xmlrpc 2018-06-27 09:42:10 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086
