1613158 – [OSP14] with tls-everywhere connection from haproxy -> novnc proxy is not encrypted

Bug 1613158 - [OSP14] with tls-everywhere connection from haproxy -> novnc proxy is not encrypted

Summary: [OSP14] with tls-everywhere connection from haproxy -> novnc proxy is not enc...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	13.0 (Queens)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	beta
Target Release:	14.0 (Rocky)
Assignee:	Martin Schuppert
QA Contact:	Archit Modi
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1613380 (view as bug list)
Depends On:
Blocks:	1613161
TreeView+	depends on / blocked

Reported:	2018-08-07 07:11 UTC by Martin Schuppert
Modified:	2019-01-11 11:51 UTC (History)
CC List:	5 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-9.0.0-0.20180919080946.0rc1.0rc1.el7ost puppet-tripleo-9.3.1-0.20180831202649.8ec6c86.el7ost openstack-tripleo-common-9.3.1-0.20180923215328.d22cb3e.el7ost
Doc Type:	Bug Fix
Doc Text:	In a tls-everywhere scenario for VNC, the following TLS connections exist: - client -> haproxy - novncproxy -> vnc server (instance) However, the connection from haproxy to nova novncproxy was not encrypted, resulting in an unencrypted local connection from haproxy to nova novnc-proxy service on the controller. With this release, the connection from haproxy to nova novnc-proxy service is encrypted.
Clone Of:
Clones:	1613161 (view as bug list)
Environment:
Last Closed:	2019-01-11 11:51:11 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1785700	None	None	None	2018-08-07 07:11:37 UTC
OpenStack gerrit	589414	None	None	None	2018-08-07 09:54:28 UTC
OpenStack gerrit	589434	None	None	None	2018-08-07 11:39:23 UTC
OpenStack gerrit	589732	None	None	None	2018-08-09 08:22:48 UTC
Red Hat Product Errata	RHEA-2019:0045	None	None	None	2019-01-11 11:51:23 UTC

Description Martin Schuppert 2018-08-07 07:11:37 UTC

Description of problem:

when tls-everywhere is configured we have TLS connection from:
- client -> haproxy
- novncproxy -> vnc server (instance)

but the connection from haproxy -> nova novnxproxy not encrypted

Version-Release number of selected component (if applicable):
OSP13

Comment 1 Martin Schuppert 2018-08-07 13:34:28 UTC

*** Bug 1613380 has been marked as a duplicate of this bug. ***

Comment 9 errata-xmlrpc 2019-01-11 11:51:11 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:0045

Note You need to log in before you can comment on or make changes to this bug.