Ken D'Ambrosio wrote:
> Hey, all. We want to proof something out with SSL-enabled endpoints,
> and don't want to go through the grief of setting up a whole multi-host
> cloud to do it. Devstack with
> USE_SSL=True
> in its local.conf seemed to be just the ticket... except that when it
> gets done
Xin YD He wrote:
> Greetings,
>
> I try to enable Zun using SSL, and add 2 statments in my local.conf,
> USE_SSL=TRUE
> SSL_ENABLED_SERVICES+=,zun
>
> but it does not work. I check the log file and found
> SSL_ENABLED_SERVICES=key,nova,cinder,glance,s-proxy,neutron, does not
> have Zun at all.
>
Erik McCormick wrote:
You may want to try updating the system CA certs. Download both the
root and current intermediate certificate from Geotrust and copy them
to /etc/pki/ca-trust/source/anchors/ and run update-ca-trust. I had
some issues with newer GoDaddy certificates and this fixed me up.
Yo
YANG LI wrote:
Is there a documentation on how to configure SSL on glance, nova and neutron
API? we did get keystone done ,but had hard time to find document on how to do
this on other services.
No documentation that I know of. There are some places that list the
configuration values but not
Chris Mutchler wrote:
> Ive been searching Google for several hours tonight and have not found
> an answer yet to this SSL error message. I am trying to execute the
> following segment of code:
>
> 139 credentials = get_credentials()
>
> 140 neutron = client.Client('2.0',
>
> 14
672
For starters, you should use a FQDN and not IP addresses with SSL. Set
SERVICE_HOST to your hostname.
I guess I'd next check that the service is responding to requests after
the install has failed:
curl -v --cacert /opt/stack/data/ca-bundle.pem https://`hostname`:9696
You ma
Jayanthi Jeyakumar wrote:
> Hi All,
>
> Seeing the following error when i try to install openstack services in
> HTTPS mode .
This exact question was asked last week,
http://lists.openstack.org/pipermail/openstack/2015-January/011286.html
Check the screen logs for why the service didn't start.
Parikshit Manur wrote:
> Hi All,
>
>
>
> I am trying to install the devstack with services being enabled in
> HTTPS mode.
>
> During devstack installation,the neutron-server fails to start. Throws
> the following error.
>
>
>
> 2015-01-21 19:57:04.932 | + screen -S stack -p q-svc -X stuff
. Avoid that
temptation if at all possible. Ubuntu/Fedora/RHEL/CentOS (and perhaps
Debian, I didn't check) all have a way of publishing the CA certificate
centrally. That can alleviate many of the problems on the server and
clients.
rob
>
>
> All the best,
>
>
> George
&g
Georgios Dimitrakakis wrote:
> @Robert: I don't have a load-balancer for this deployment. Just
> controller, cinder and compute nodes.
>
>
>
> What I would like to do is to secure the public endpoints for Keystone,
> Glance, Nova, Cinder with SSL and the EC2 API.
>
> That would be sufficient fo
mohammad kashif wrote:
> Hi
> I am trying to setup ssl enabled keystone using external CA
>
> my keystone.conf settings regarding ssl are
>
> [signing]
>
> certfile=/etc/grid-security/cert.pem
>
> keyfile=/etc/grid-security/key.pem
>
> ca_certs=/etc/grid-security/certificates/UKeScienceRoot-20
Steve Martinelli wrote:
> Not sure about the insecure option, jamielennox would know immediately,
> but to answer your second question, yes please use sessions!
> Lots of info on the developers docs about it:
> http://docs.openstack.org/developer/python-keystoneclient/using-sessions.html#sessions-f
Martinx - ジェームズ wrote:
> Guys,
>
> Currently, my file /etc/openstack-dashboard/local_settings.py have the
> following entry:
>
> ---
> OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0"; % OPENSTACK_HOST
> ---
>
>
> BUT, Horizon users are unable to change their passwords, look:
>
> *Error: *Unable
gustavo panizzo wrote:
On 05/07/2014 04:25 PM, Remo Mattei wrote:
Hello guys,
I wonder if anyone has any suggestions on changing from http to https
interprocess communication like nova to keystone etc.. not for the DASHBOARD.
create a CA for the certs, import the public key of the CA on all t
Hao Wang wrote:
Thanks. It makes sense. The other questions are, would Heartbleed be a
potential risk? Which solution is being used in OpenStack SSL?
Native SSL services (eventlet) are based on OpenSSL, as is Apache
(horizon) so yes, the risk is there if you haven't updated your OpenSSL
libra
Devendra Gupta wrote:
OK, So If I want something on stable on Havana then I need to go
through the HTTPD/mod_wsgi ? Isn't it.
I also see lots of things around TripleO but don't have much idea.
Things like TripleO, Tuskar
.http://openstack.redhat.com/Deploying_RDO_using_Tuskar_and_TripleO
Though
Emanuel Marzini wrote:
Hi,
if I use a certificate to communicate with keystone, Can I request a token? How?
Upstream is working on external authentication methods at
http://docs.openstack.org/developer/keystone/external-auth.html
It shows how to configure keystone for X.509 but not how to co
Emanuel Marzini wrote:
Hi,
I have a software that uses Openstack. When it do an action for the
first time, it need to get a token from Openstack. How it's possible
make a POST request like:
'{"auth":{"passwordCredentials":{"username": "joeuser", "password":
"secrete"}}}' -H "Content-type: applic
18 matches
Mail list logo