Bug 1623938 - TLS backend encryption
Summary: TLS backend encryption
Keywords:
Status: ON_DEV
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-octavia
Version: 17.0 (Wallaby)
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: ---
Assignee: Brent Eagles
QA Contact: Bruna Bonguardo
URL:
Whiteboard:
Depends On:
Blocks: 2230082
 
Reported: 2018-08-30 13:52 UTC by Bernard Cafarelli
Modified: 2023-08-08 16:40 UTC

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
: 2230082 (view as bug list)
Environment:
Last Closed:
Target Upstream Version:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
OpenStack Storyboard 2003858 0 None None None 2023-07-21 21:41:08 UTC
OpenStack gerrit 614447 0 None MERGED Add 2 new fields into Pool API for support re-encryption 2023-07-21 21:41:08 UTC
OpenStack gerrit 620211 0 None MERGED Add 2 new options to Pool for support backend certificates validation 2023-07-21 21:41:08 UTC
OpenStack gerrit 624264 0 None MERGED Add boolean tls_enabled option into Pool 2023-07-21 21:41:08 UTC
OpenStack gerrit 624265 0 None MERGED Add enable_tls option into Pool CLI 2023-07-21 21:41:08 UTC
OpenStack gerrit 759973 0 None MERGED Enable HTTPS on the test servers 2023-07-21 21:41:08 UTC
OpenStack gerrit 760465 0 None MERGED Adds a pool re-encryption scenario test 2023-07-21 21:41:08 UTC
Red Hat Issue Tracker OSP-5198 0 None None None 2022-02-22 06:10:19 UTC

Description Bernard Cafarelli 2018-08-30 13:52:23 UTC
Support the upstream effort to implement backend re-encryption
(in considerations list for Octavia 4.0+)

Comment 4 Carlos Goncalves 2019-03-20 16:54:29 UTC
Feature is added in Stein. No tempest tests proposed at this time. Pushing decision to support backend re-encryption for OSP 16 (Train).

Comment 5 Toni Freger 2019-04-15 05:27:14 UTC
qe_nack from my side.
Due to lack of resources we won't be able to test this one.

Comment 9 Carlos Goncalves 2020-03-14 14:27:45 UTC
Partially implemented. SDK, Dashboard and Tempest incomplete.

Comment 10 Carlos Goncalves 2020-03-14 14:29:44 UTC
TLS-terminated load balancer traffic flows unencrypted between the load balancer and backend servers, which may pose a security risk. Load balancers should be able to encrypt internal traffic.

https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-load-balancer-with-backend-re-encryption

Comment 13 Scott Lewis 2020-04-19 19:06:24 UTC
Removing Target Milestone; please replan

