I finally found a set of web pages that has a working set of configuration files for the major OpenStack services " http://andymc-stack.co.uk/2013/07/apache2-mod_wsgi-openstack-pt-2-nova-api-os-compute-nova-api-ec2/ " by Andy Mc. I skipped ceilometer and have the rest of the services working except quantum with self-signed certificates on a Grizzly-3 OpenStack instance. Now I am stuck trying to figure out how to get quantum to accept self-signed certificates.
My goal is to harden my Grizzly-3 OpenStack instance using SSL and self-signed certificates. Later I will do the same for Havana bits and use real/valid certificates. Mark > -----Original Message----- > From: Adam Young [mailto:[email protected]] > Sent: Wednesday, November 13, 2013 10:27 AM > To: OpenStack Development Mailing List (not for usage questions) > Subject: Re: [openstack-dev] Nova SSL Apache2 Question > > On 11/06/2013 07:20 PM, Miller, Mark M (EB SW Cloud - R&D - Corvallis) > wrote: > > Hello, > > > > I am trying to front all of the Grizzly OpenStack services with > > Apache2 in order to enable SSL. I've got Horizon and Keystone working > > but am struggling with Nova. The only documentation I have been able > > to find is at URL > > http://www.rackspace.com/blog/enabling-ssl-for-the-openstack-api/ > > > > However, the Nova sample "osapi.wsgi" and "osapi" files are not working > with Grizzly. Does anyone have a set of these files for Nova? > > > > Thanks, > > > > Mark Miller > > > > _______________________________________________ > > OpenStack-dev mailing list > > [email protected] > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > This was on my To Do list, but for Icehouse. What are you seeing as the > failure? > > The original article was written a while ago, so I am not surprised things > have > changed out from underneath it. In particular, there are some times where > Eventlet code gets monkey patched in that you won't want when working in > HTTPD. In Keystone, we isolated the Monkeypatching into a single function, > to ensure the same logic was done in both starting the App and the unit > tests. I suspect we'll need to something comparable in Nova. > > There are also potential SELinux issues. I'd run with SELinux in Permissive > mode until you get things sorted. > > > > > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
