1970123 – [GSS] [Azure] NooBaa insecure StorageAccount does not allow for TLS 1.2

Bug 1970123 - [GSS] [Azure] NooBaa insecure StorageAccount does not allow for TLS 1.2

Summary: [GSS] [Azure] NooBaa insecure StorageAccount does not allow for TLS 1.2

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenShift Data Foundation
Classification:	Red Hat Storage
Component:	Multi-Cloud Object Gateway
Sub Component:
Version:	4.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Target Release:	ODF 4.10.0
Assignee:	Danny
QA Contact:	Ben Eli
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2008590 2008591 2011326 2029749 2056571
TreeView+	depends on / blocked

Reported:	2021-06-09 20:31 UTC by Tom Manor
Modified:	2023-08-09 16:49 UTC (History)
CC List:	13 users (show)
Fixed In Version:	4.10.0-201
Doc Type:	Bug Fix
Doc Text:	.Install the Multicloud Object Gateway with a secure transfer Previously, when the Microsoft Azure resource group was configured with a policy to enforce secure transfer for storage accounts, the installation of Multicloud Object Gateway (MCG) was stuck on the creation of the default backing store. This was because the MCG failed to create a storage account for the default backing store. With this update, a flag is added to allow HTTPS traffic only when you create a storage account. Now, you can install the MCG only in an environment that enforces secure transfer.
Clone Of:
Clones:	2008590 2008591 2029749 (view as bug list)
Environment:
Last Closed:	2022-04-13 18:49:40 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	noobaa noobaa-operator pull 805	None	Merged	set EnableHTTPSTrafficOnly on create storage account	2021-11-30 12:58:45 UTC
Github	noobaa noobaa-operator pull 878	None	open	create azure StorageAccount with minTLS 1.2	2022-03-13 18:36:06 UTC
Github	noobaa noobaa-operator pull 881	None	open	[backport to 5.10] create azure StorageAccount with minTLS 1.2	2022-03-16 14:46:59 UTC
Github	noobaa noobaa-operator pull 885	None	open	Backport to 5.10	2022-03-21 06:49:05 UTC
Github	red-hat-storage ocs-ci pull 6060/	None	None	None	2022-06-30 06:43:27 UTC
Red Hat Product Errata	RHSA-2022:1372	None	None	None	2022-04-13 18:50:11 UTC

Comment 21 Yaniv Kaul 2021-10-11 06:05:31 UTC

Do we have a patch for this? What's the engineering-side status of this?

Comment 22 Nimrod Becker 2021-10-11 06:21:17 UTC

Pending on a setup from QE to test

Comment 27 Petr Balogh 2021-11-18 09:27:36 UTC

Trying again here:
https://ocs4-jenkins-csb-ocsqe.apps.ocp4.prod.psi.redhat.com/job/qe-trigger-azure-ipi-3az-rhcos-3m-3w-deployment/2/
Previous deployment job failed on OCP deployment cause of lack of resources in Azure.

Comment 28 Petr Balogh 2021-11-18 15:40:58 UTC

Ok as the deployment blocker got just fixed in latest ODF build I am rebuilding once more here:
https://ocs4-jenkins-csb-ocsqe.apps.ocp4.prod.psi.redhat.com/job/qe-deploy-ocs-cluster-prod/2296/

Comment 45 errata-xmlrpc 2022-04-13 18:49:40 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat OpenShift Data Foundation 4.10.0 enhancement, security & bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:1372

Note You need to log in before you can comment on or make changes to this bug.