haproxy misconfiguration if using SSL and an ssl nova_console

Bug #1493429 reported by Jean-Philippe Evrard on 2015-09-08
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
openstack-ansible
Medium
Jean-Philippe Evrard
Kilo
Medium
Jean-Philippe Evrard
Trunk
Medium
Jean-Philippe Evrard

Bug Description

Thereis a misconfiguration in haproxy.

If you are using haproxy_ssl: True, you don't have anything set in bind .* ssl for the nova_console.

It's not a problem if nova_spice_html5proxy_base_proto is set to http (which is the default). It however triggers an issue if haproxy and spice are configured with https.

description: updated

Reviewed: https://review.openstack.org/221386
Committed: https://git.openstack.org/cgit/stackforge/os-ansible-deployment/commit/?id=923da0c12751b107c578671e979caaa35d70cdab
Submitter: Jenkins
Branch: master

commit 923da0c12751b107c578671e979caaa35d70cdab
Author: Jean-Philippe Evrard <email address hidden>
Date: Tue Sep 8 18:00:09 2015 +0200

    Fix of haproxy ssl misconfiguration with nova_console

    If you are using haproxy_ssl: True, you don't
    have the ssl directive in haproxy/conf.d/nova_console
    for the bind section.

    This fixes this issue.

    Closes-Bug: #1493429
    Change-Id: Idbde44b191082a65ae2f716acd030ef84c237238

Changed in openstack-ansible:
status: In Progress → Fix Committed

Reviewed: https://review.openstack.org/221853
Committed: https://git.openstack.org/cgit/stackforge/os-ansible-deployment/commit/?id=4c0f7b4b79e26884a17b7d8e7ef16e772d10286b
Submitter: Jenkins
Branch: kilo

commit 4c0f7b4b79e26884a17b7d8e7ef16e772d10286b
Author: Jean-Philippe Evrard <email address hidden>
Date: Tue Sep 8 18:00:09 2015 +0200

    Fix of haproxy ssl misconfiguration with nova_console

    If you are using haproxy_ssl: True, you don't
    have the ssl directive in haproxy/conf.d/nova_console
    for the bind section.

    This fixes this issue.

    Closes-Bug: #1493429
    Change-Id: Idbde44b191082a65ae2f716acd030ef84c237238
    (cherry picked from commit 923da0c12751b107c578671e979caaa35d70cdab)

This issue was fixed in the openstack/openstack-ansible 11.2.11 release.

This issue was fixed in the openstack/openstack-ansible 11.2.12 release.

This issue was fixed in the openstack/openstack-ansible 11.2.14 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers