OpenStack-Ansible

haproxy misconfiguration if using SSL and an ssl nova_console

Bug #1493429 reported by Jean-Philippe Evrard
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
Medium
Jean-Philippe Evrard
OpenStack-Ansible liberty-3
Kilo
Fix Released
Medium
Jean-Philippe Evrard
OpenStack-Ansible 11.2.2
Trunk
Fix Released
Medium
Jean-Philippe Evrard
OpenStack-Ansible liberty-3

Bug Description

Thereis a misconfiguration in haproxy.

If you are using haproxy_ssl: True, you don't have anything set in bind .* ssl for the nova_console.

It's not a problem if nova_spice_html5proxy_base_proto is set to http (which is the default). It however triggers an issue if haproxy and spice are configured with https.

See original description
Jean-Philippe Evrard (jean-philippe-evrard)
description: updated
Revision history for this message
Jesse Pretorius (jesse-pretorius) wrote :

master review: https://review.openstack.org/221386

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to os-ansible-deployment (master)

Reviewed: https://review.openstack.org/221386
Committed: https://git.openstack.org/cgit/stackforge/os-ansible-deployment/commit/?id=923da0c12751b107c578671e979caaa35d70cdab
Submitter: Jenkins
Branch: master

commit 923da0c12751b107c578671e979caaa35d70cdab
Author: Jean-Philippe Evrard <email address hidden>
Date: Tue Sep 8 18:00:09 2015 +0200

    Fix of haproxy ssl misconfiguration with nova_console

    If you are using haproxy_ssl: True, you don't
    have the ssl directive in haproxy/conf.d/nova_console
    for the bind section.

    This fixes this issue.

    Closes-Bug: #1493429
    Change-Id: Idbde44b191082a65ae2f716acd030ef84c237238

Changed in openstack-ansible:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to os-ansible-deployment (kilo)

Fix proposed to branch: kilo
Review: https://review.openstack.org/221853

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to os-ansible-deployment (kilo)

Reviewed: https://review.openstack.org/221853
Committed: https://git.openstack.org/cgit/stackforge/os-ansible-deployment/commit/?id=4c0f7b4b79e26884a17b7d8e7ef16e772d10286b
Submitter: Jenkins
Branch: kilo

commit 4c0f7b4b79e26884a17b7d8e7ef16e772d10286b
Author: Jean-Philippe Evrard <email address hidden>
Date: Tue Sep 8 18:00:09 2015 +0200

    Fix of haproxy ssl misconfiguration with nova_console

    If you are using haproxy_ssl: True, you don't
    have the ssl directive in haproxy/conf.d/nova_console
    for the bind section.

    This fixes this issue.

    Closes-Bug: #1493429
    Change-Id: Idbde44b191082a65ae2f716acd030ef84c237238
    (cherry picked from commit 923da0c12751b107c578671e979caaa35d70cdab)

Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote : Fix included in openstack/openstack-ansible 11.2.11

This issue was fixed in the openstack/openstack-ansible 11.2.11 release.

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/openstack-ansible 11.2.12

This issue was fixed in the openstack/openstack-ansible 11.2.12 release.

Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote : Fix included in openstack/openstack-ansible 11.2.14

This issue was fixed in the openstack/openstack-ansible 11.2.14 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.