[tc][all] Test support for TLS default
Slawek Kaplonski
skaplons at redhat.com
Fri Jun 11 06:49:32 UTC 2021
Hi,
Dnia czwartek, 10 czerwca 2021 19:35:09 CEST Rico Lin pisze:
> Dear all
>
> In short,
> can you help to enable tls-proxy for your test jobs and fix/report the
> issue in [4]? Or it makes no sense for you?
> Here's all repositories contains jobs with tls-proxy disabled:
>
> - neutron
> - neutron-tempest-plugin
> - cinder-tempest-plugin
> - cyborg-tempest-plugin
> - ec2api-tempest-plugin
> - freezer-tempest-plugin
> - grenade
> - heat
> - js-openstack-lib
> - keystone
> - kuryr-kubernetes
> - masakari
> - murano
> - networking-odl
> - networking-sfc
> - python-brick-cinderclient-ext
> - python-neutronclient
> - python-zaqarclient
> - sahara
> - sahara-dashboard
> - sahara-tests
> - solum
> - tacker
> - telemetry-tempest-plugin
> - trove
> - trove-tempest-plugin
> - vitrage-tempest-plugin
> - watcher
>
> As I'm looking for y-cycle potential goals, I found the tls-proxy support
> is not actually ready OpenStack wide (you can find some discussion in [3]).
> We have multiple projects that disable tls-proxy in test jobs [1] (and stay
> that way for a long time).
> For security concerns, I'm currently collecting the missing part for this.
> And try to figure out if there is any infra issue for current jobs.
> After I attempt to enable tls-proxy for some projects to check the status.
> And from the test result shows ([2]), We might have bugs/test infra issues
> in projects.
> So I invite projects who still have not switched to TLS default. Please do,
> and help to fix/report the issue you're facing.
> As we definitely need some more help on figuring out the actual situation
> on each project.
> So I created an etherpad [4] to track actions or related information.
>
> Meanwhile, I will attempt to enable tls-proxy on more test jobs (and you
> will be able to find it in [2]). Which gives us a good chance to review the
> logs and see how we might get chances to fix it and enable TLS by default.
>
>
> [1]
> https://codesearch.opendev.org/?q=tls-proxy%3A%20false&i=nope&files=&excludeFiles=&repos=
> [2]
> https://review.opendev.org/q/topic:%22exame-tls-proxy%22+
(status:open%20OR%20status:merged)
> [3] https://etherpad.opendev.org/p/community-goals
> [4] https://etherpad.opendev.org/p/support-tls-default
>
> *Rico Lin*
> OIF Board director, OpenStack TC, Multi-arch SIG chair, Heat PTL,
> Senior Software Engineer at EasyStack
Thx Rico for that. I just sent patch for neutron-tempest-plugin and will check
how it works for neutron jobs.
Good thing is that in many jobs we already have it enabled for long time so I
hope there will be no many issues there :)
--
Slawek Kaplonski
Principal Software Engineer
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 484 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210611/d9d21b3b/attachment.sig>
More information about the openstack-discuss
mailing list