Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1613158

Summary: [OSP14] with tls-everywhere connection from haproxy -> novnc proxy is not encrypted
Product: Red Hat OpenStack Reporter: Martin Schuppert <mschuppe>
Component: openstack-tripleo-heat-templatesAssignee: Martin Schuppert <mschuppe>
Status: CLOSED ERRATA QA Contact: Archit Modi <amodi>
Severity: high Docs Contact:
Priority: high    
Version: 13.0 (Queens)CC: bperkins, gcharot, mbooth, mburns, mschuppe
Target Milestone: betaKeywords: Triaged
Target Release: 14.0 (Rocky)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-9.0.0-0.20180919080946.0rc1.0rc1.el7ost puppet-tripleo-9.3.1-0.20180831202649.8ec6c86.el7ost openstack-tripleo-common-9.3.1-0.20180923215328.d22cb3e.el7ost Doc Type: Bug Fix
Doc Text:
In a tls-everywhere scenario for VNC, the following TLS connections exist: - client -> haproxy - novncproxy -> vnc server (instance) However, the connection from haproxy to nova novncproxy was not encrypted, resulting in an unencrypted local connection from haproxy to nova novnc-proxy service on the controller. With this release, the connection from haproxy to nova novnc-proxy service is encrypted.
 Story Points: ---
Clone Of:
: 1613161 (view as bug list) Environment:
Last Closed: 2019-01-11 11:51:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1613161    

Description Martin Schuppert 2018-08-07 07:11:37 UTC 
Description of problem:

when tls-everywhere is configured we have TLS connection from:
- client -> haproxy
- novncproxy -> vnc server (instance)

but the connection from haproxy -> nova novnxproxy not encrypted

Version-Release number of selected component (if applicable):
OSP13
Comment 1 Martin Schuppert 2018-08-07 13:34:28 UTC 
*** Bug 1613380 has been marked as a duplicate of this bug. ***
Comment 9 errata-xmlrpc 2019-01-11 11:51:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:0045