Dear all

In short,
can you help to enable tls-proxy for your test jobs and fix/report the issue in [4]? Or it makes no sense for you?
Here's all repositories contains jobs with tls-proxy disabled:
  • neutron
  • neutron-tempest-plugin
  • cinder-tempest-plugin
  • cyborg-tempest-plugin
  • ec2api-tempest-plugin
  • freezer-tempest-plugin
  • grenade
  • heat
  • js-openstack-lib
  • keystone
  • kuryr-kubernetes
  • masakari
  • murano
  • networking-odl
  • networking-sfc
  • python-brick-cinderclient-ext
  • python-neutronclient
  • python-zaqarclient
  • sahara
  • sahara-dashboard
  • sahara-tests
  • solum
  • tacker
  • telemetry-tempest-plugin
  • trove
  • trove-tempest-plugin
  • vitrage-tempest-plugin
  • watcher
As I'm looking for y-cycle potential goals, I found the tls-proxy support is not actually ready OpenStack wide (you can find some discussion in [3]).
We have multiple projects that disable tls-proxy in test jobs [1] (and stay that way for a long time).
For security concerns, I'm currently collecting the missing part for this. And try to figure out if there is any infra issue for current jobs.
After I attempt to enable tls-proxy for some projects to check the status.
And from the test result shows ([2]), We might have bugs/test infra issues in projects.
So I invite projects who still have not switched to TLS default. Please do, and help to fix/report the issue you're facing.
As we definitely need some more help on figuring out the actual situation on each project.
So I created an etherpad [4] to track actions or related information.

Meanwhile, I will attempt to enable tls-proxy on more test jobs (and you will be able to find it in [2]). Which gives us a good chance to review the logs and see how we might get chances to fix it and enable TLS by default.



Rico Lin
OIF Board director, OpenStack TC, Multi-arch SIG chair, Heat PTL, 
Senior Software Engineer@EasyStack