Bug 1701427 - [OSP-13] TLS for Manila Internal services
Summary: [OSP-13] TLS for Manila Internal services
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: puppet-manila
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: z7
: 13.0 (Queens)
Assignee: Goutham Pacha Ravi
QA Contact: Jason Grosso
Laura Marsh
URL:
Whiteboard:
Depends On: 1701425 1701426
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-04-18 23:30 UTC by Goutham Pacha Ravi
Modified: 2019-07-10 13:05 UTC (History)
17 users (show)

Fixed In Version: puppet-manila-12.5.0-6.el7ost
Doc Type: Enhancement
Doc Text:
Previously, if you enabled TLS throughout your environment, the communication between internal services, such as the haproxy and the manila API, was not secured. With this update, the manila API supports TLS endpoints on the internal API network.
Clone Of: 1701426
Environment:
Last Closed: 2019-07-10 13:05:12 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 653089 0 None MERGED Switch Manila API to httpd and support TLS 2020-12-03 22:58:15 UTC
Red Hat Product Errata RHBA-2019:1738 0 None None None 2019-07-10 13:05:23 UTC

Description Goutham Pacha Ravi 2019-04-18 23:30:44 UTC 
This bug was initially created as a copy of Bug #1484601 (Stein RFE)
This bug was initially created as a clone of Bug #1701426 (Backport to OSP 14 from OSP 15/Stein)

I am copying this bug because a backport of this feature has been requested to OSP 14 and OSP 13

Description of problem:
TLS Support for Manila internal services: 
 Following flows:
 - client to HAProxy
  - HAProxy to server instance

DFG is requested to test basic flows with TLS enabled and verify encryption by doing a tcpdump.
Comment 1 Goutham Pacha Ravi 2019-04-27 05:41:06 UTC 
This change has merged upstream. It is ready to be imported downstream.
Comment 12 errata-xmlrpc 2019-07-10 13:05:12 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1738
Note You need to log in before you can comment on or make changes to this bug.