overcloud haproxy lacks client certificate
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
In Progress
|
Undecided
|
Unassigned |
Bug Description
This affects the connection to horizon backend since the configuration wiht tls-e requires client certificate verification, i.e.:
```
SSLVerifyClient none
```
However, the haproxy configuration does not seem to be using client certificates:
```
backend horizon_be
mode http
cookie SERVERID insert indirect nocache
option httpchk
server controller-
```
Notice the lack of `crt /path/to/
But is client certificate authentication really necessary for this configuration?
Fix proposed to branch: master /review. opendev. org/c/openstack /tripleo- heat-templates/ +/860910
Review: https:/