openstack
/
openstack
Code Issues Proposed changes

Update git submodules 

* Update openstack-ansible-os_nova from branch 'master'
  to db6e446bc78fb49c9b46cc1809ffc71e343dc9c2
  - Merge "Enable TLS for VNC from novncproxy to compute hosts"
  - Enable TLS for VNC from novncproxy to compute hosts
    
    To secure communications from the proxy server to the compute
    nodes using VeNCrypt authentication scheme.
    
    In a previous patch a TLS server certificate was deployed to
    compute nodes, this patch makes use of this same server cert for
    securing VNC sessions on compute nodes. It is recommended that
    this certificate be issued by a dedicated certificate authority
    solely for the VNC service, as libvirt does not currently have a
    mechanism to restrict what certificates can be presented by the
    proxy server. This has not been implemented to reduce complexity.
    
    In addition the noVNC proxy needs to present a client certificate
    so only approved VNC proxy servers can connect to the Compute nodes.
    The PKI role has been used to create a client certificate for the
    nova console nodes.
    
    Related Nova docs:
    https://docs.openstack.org/nova/latest/admin/remote-console-access.html
    
    To help with the transition from from unencrypted VNC to VeNCrypt,
    initially compute nodes auth scheme allows for both encrypted and
    unencrypted sessions using the variable `nova_vencrypt_auth_scheme`, this
    will be removed in future releases.
    
    Change-Id: Iafb788f80fd401c6ce6e4576bafd06c92431bd65
This commit is contained in:
Zuul 2021-11-15 12:37:45 +00:00 committed by Gerrit Code Review
parent 6e6fc368ca
commit d9a3476f4b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openstack-ansible-os_nova

@ -1 +1 @@
Subproject commit d62950ac51e8849290ca399217765cc0c1e2bd6e
Subproject commit db6e446bc78fb49c9b46cc1809ffc71e343dc9c2