1613161 – [OSP13] with tls-everywhere connection from haproxy -> novnc proxy is not encrypted

Bug 1613161 - [OSP13] with tls-everywhere connection from haproxy -> novnc proxy is not encrypted

Summary: [OSP13] with tls-everywhere connection from haproxy -> novnc proxy is not enc...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	13.0 (Queens)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z4
Target Release:	13.0 (Queens)
Assignee:	Martin Schuppert
QA Contact:	Archit Modi
Docs Contact:
URL:
Whiteboard:
Duplicates (2):	1617900 1618983 (view as bug list)
Depends On:	1613158 1644747
Blocks:	1613255
TreeView+	depends on / blocked

Reported:	2018-08-07 07:20 UTC by Martin Schuppert
Modified:	2022-03-13 15:24 UTC (History)
CC List:	16 users (show)
Fixed In Version:	puppet-nova-12.4.0-7.el7ost puppet-tripleo-8.3.4-11.el7ost openstack-tripleo-heat-templates-8.0.4-32.el7ost
Doc Type:	Bug Fix
Doc Text:	In a tls-everywhere scenario for VNC, the following TLS connections exist: - client -> haproxy - novncproxy -> vnc server (instance) However, the connection from haproxy to nova novncproxy was not encrypted, resulting in an unencrypted local connection from haproxy to nova novnc-proxy service on the controller. With this release, the connection from haproxy to nova novnc-proxy service is encrypted.
Clone Of:	1613158
Environment:
Last Closed:	2018-12-13 11:45:08 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1785700	None	None	None	2018-08-07 07:20:29 UTC
OpenStack gerrit	591141	None	MERGED	Use https for novnc proxy healthcheck if ssl_only is configured	2021-01-29 11:22:02 UTC
OpenStack gerrit	594145	None	MERGED	Revert "Revert "SSL support for haproxy -> novnc proxy connection""	2021-01-29 11:22:46 UTC
OpenStack gerrit	594150	None	MERGED	Revert "Revert "SSL support for haproxy -> novnc proxy connection""	2021-01-29 11:22:03 UTC
Red Hat Issue Tracker	OSP-13611	None	None	None	2022-03-13 15:24:36 UTC

Description Martin Schuppert 2018-08-07 07:20:29 UTC

+++ This bug was initially created as a clone of Bug #1613158 +++

Description of problem:

when tls-everywhere is configured we have TLS connection from:
- client -> haproxy
- novncproxy -> vnc server (instance)

but the connection from haproxy -> nova novnxproxy not encrypted

Version-Release number of selected component (if applicable):
OSP13

Comment 4 Michele Baldessari 2018-08-16 09:00:11 UTC

*** Bug 1617900 has been marked as a duplicate of this bug. ***

Comment 7 Rajesh Tailor 2018-08-24 11:31:23 UTC

*** Bug 1618983 has been marked as a duplicate of this bug. ***

Comment 12 Lon Hohberger 2018-10-03 10:34:47 UTC

According to our records, this should be resolved by openstack-tripleo-common-8.6.3-13.el7ost.  This build is available now.

Comment 28 Martin Schuppert 2018-11-13 15:07:09 UTC

Note - blocked by issue in:

https://bugzilla.redhat.com/show_bug.cgi?id=1644747

Note You need to log in before you can comment on or make changes to this bug.