Andrey Pavlov wrote:
Hi,
When I ran devstack with SSL I found a bug and tried to fix it -
https://review.openstack.org/#/c/242812/
But no one agree with me.
Try to apply this patch - it may help.
Also there is a chance that new bugs present in devstack that
prevented to install it with SSL.
Seeing how some other things in your local.conf might help but when I
tried to reproduce it I got the same error and it failed because Apache
didn't have an SSL listener on 443.
I'm not sure I'd recommend direct SSL in any case. I'd recommend the
tls-proxy service instead. Note that I'm pretty sure it has the same
problem: it hasn't been updated to handle port 443 for Keystone.
I'm working on switching from stud to mod_proxy if you want to take a
look and this problem is fixed there, https://review.openstack.org/301172
I'll see about adding a SSL listener to Keystone for the USE_SSL case in
the next few days.
And yeah, it's a moving target. I have an experimental gate test for
tlsproxy but it has to be requested explicitly. My plan is to enable it
as non-voting once the mod_proxy changes land so it will at least be
more obvious when things break (or maybe we can making it voting).
rob
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
