[Openstack-operators] Swift-Proxy + Keystone with HAProxy and SSL

Gui Maluf guimalufb at gmail.com
Tue Feb 10 22:25:06 UTC 2015


hey guy,
my production environment is down for two days and I can't fixit.

I had 3 keystone+swiftproxy nodes, balanced with DNS-RR and endpoints
pointing to DNS; keystone running on 5000/35357 and swift on 443, both with
self-signed certificate and native ssl;

Then I've changed the swiftproxy to run on port 8080, disable the native
SSL, set up HAProxy(real LB with healthcheck and SSL passthrough)
redirecting tcp connections to keystone/swiftproxy nodes and changed
keystone endpoints pointing to HAProxy hostname with specific ports.

What is happening now: Using curl I can access keystone api with -k and
passing --cacert, but with keystoneclient, even with OS_CACERT, I can't run
any command without the --insecure flag

Authorization Failed: <attribute 'message' of 'exceptions.BaseException'
objects> (HTTP Unable to establish connection to https

Swift just don't work neither through API or swiftclient.

Someone could help me please?
What else should I do to change swift-proxy port and to have a HAProxy
pointing to that.?


thanks

-- 
*guilherme* \n
\t *maluf*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150210/8f1d9ab5/attachment.html>


More information about the OpenStack-operators mailing list