commit 27c4d562c8ade4b4f34ec807ac327334fdd13cb3
Author: Lucas Cavalcante <email address hidden>
Date: Thu Dec 23 11:13:15 2021 -0300

Fixes Application Apply failing when HTTPS enabled

Openstack-helm provides the option to terminate TLS at the services.
However, at StarlingX TLS termination is done at the reverse
proxy (ingress) and therefore it is unnecessary for OpenStack itself
to be HTTPS and terminate TLS a second time. Furthermore, it is not
possible to have HTTPS enabled on OpenStack services with the
current CentOS-based containers that we have; openstack-helm only
supports TLS using Debian-based containers.

Manually working around this creates a cumbersome override file, so
to diminish these overrides, this patch 0020 and 0013 (osh-i) disables
HTTPS at the backend, thus maintaining the same behaviour as stx 5.0.

MariaDB and RabbitMQ TLS do not seem to be working very well within
StarlingX, so we also disable TLS for them. I am not confident that
current openstack-helm and openstack-helm-infra support production-level
OpenStack with MariaDB in TLS mode. Furthermore, from the way everything
is redirected in StarlingX I do see too many performance and stability
issues using both of them with TLS enabled.

Disclaimer: I did not test with either only MariaDB TLS or
RabbitMQ activated, but with both of them on, the system is not usable.

Test Plan:
PASS: OpenStack is Applied. (HTTPS disabled)
PASS: enable HTTPS. OpenStack is Applied (WITHOUT service.conf
overrides)

Reviewed: https://review.opendev.org/c/starlingx/openstack-armada-app/+/822833
Committed: https://opendev.org/starlingx/openstack-armada-app/commit/27c4d562c8ade4b4f34ec807ac327334fdd13cb3
Submitter: "Zuul (22348)"
Branch: master
Signed-off-by: Lucas Cavalcante <email address hidden>
Change-Id: Ifb7946e9a289234047934b52d200b951a59c1a3f
Partial-bug: 1960354
Related-to: https://review.opendev.org/c/starlingx/helm-charts/+/828815