| 2017-09-17 09:41:55 |
Albert Mikaelyan |
description |
Designate role does not use https for public uri.
Instead of using the openstack uri variables when available:
openstack_service_publicuri_proto
openstack_service_adminuri_proto
openstack_service_internaluri_proto
It uses it's own variable which is set to http, and only that:
https://github.com/openstack/openstack-ansible-os_designate/blob/master/defaults/main.yml#L129
Keystone has a good example for correct way of using this:
https://github.com/openstack/openstack-ansible-os_keystone/blob/master/defaults/main.yml#L148
Should this also be considered a security bug? |
Designate role does not use https for public uri in its defaults
Instead of using the openstack uri variables when available:
openstack_service_publicuri_proto
openstack_service_adminuri_proto
openstack_service_internaluri_proto
It uses it's own variable which is set to http, and only that:
https://github.com/openstack/openstack-ansible-os_designate/blob/master/defaults/main.yml#L129
Keystone has a good example for correct way of using this:
https://github.com/openstack/openstack-ansible-os_keystone/blob/master/defaults/main.yml#L148
The proto is set instead in ansible's inventory:
https://github.com/openstack/openstack-ansible/blob/master/group_vars/designate_all.yml#L24
Needs to align the designate role to other roles, and set to https via defaults. |
|
