From 9c07e79890692cb477005cf34139fd20d4417be7 Mon Sep 17 00:00:00 2001 From: Damian Dabrowski Date: Tue, 4 Apr 2023 23:18:08 +0200 Subject: [PATCH] Change default value for horizon_enable_ssl `horizon_enable_ssl` is responsible for enabling TLS on horizon backend. It defaults to `haproxy_ssl` which is generally used to enable TLS on haproxy frontends. It is more reasonable to disable it by default as it's done for other services. This patch does not change current behavior in gating as backend TLS works only with horizon_external_ssl=False(while it's set to True by default). It also does not affect behavior of horizon's haproxy frontend encryption. Change-Id: I8f207426c9dc5bcefdec42c0bfc0f5f0376509a3 --- defaults/main.yml | 2 +- .../notes/horizon_enable_ssl_default-15089bd97d81ceb1.yaml | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/horizon_enable_ssl_default-15089bd97d81ceb1.yaml diff --git a/defaults/main.yml b/defaults/main.yml index 17a0eff5..2bf90cd6 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -240,7 +240,7 @@ horizon_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ horizo # horizon_user_ssl_ca_cert: # Toggle whether horizon should be served via SSL -horizon_enable_ssl: "{{ (haproxy_ssl | default(True)) | bool }}" +horizon_enable_ssl: "{{ openstack_service_backend_ssl | default(False) }}" # Toggle whether horizon is served via an external device, like a load # balancer. This enables the use of the horizon_secure_proxy_ssl_header diff --git a/releasenotes/notes/horizon_enable_ssl_default-15089bd97d81ceb1.yaml b/releasenotes/notes/horizon_enable_ssl_default-15089bd97d81ceb1.yaml new file mode 100644 index 00000000..25344a1c --- /dev/null +++ b/releasenotes/notes/horizon_enable_ssl_default-15089bd97d81ceb1.yaml @@ -0,0 +1,5 @@ +--- +other: + - | + Default value for ``horizon_enable_ssl`` has changed to False. + (or ``openstack_service_backend_ssl`` if it is defined)