[Openstack-operators] Swift-Proxy + Keystone with HAProxy and SSL
guimalufb at gmail.com
Tue Feb 10 22:52:15 UTC 2015
On Tue, Feb 10, 2015 at 8:33 PM, Kris G. Lindgren <klindgren at godaddy.com>
> Can you post your haproxy config file?
> Kris Lindgren
> Senior Linux Systems Engineer
> GoDaddy, LLC.
> From: Gui Maluf <guimalufb at gmail.com>
> Date: Tuesday, February 10, 2015 at 3:25 PM
> To: "openstack-operators at lists.openstack.org" <
> openstack-operators at lists.openstack.org>
> Subject: [Openstack-operators] Swift-Proxy + Keystone with HAProxy and SSL
> hey guy,
> my production environment is down for two days and I can't fixit.
> I had 3 keystone+swiftproxy nodes, balanced with DNS-RR and endpoints
> pointing to DNS; keystone running on 5000/35357 and swift on 443, both with
> self-signed certificate and native ssl;
> Then I've changed the swiftproxy to run on port 8080, disable the native
> SSL, set up HAProxy(real LB with healthcheck and SSL passthrough)
> redirecting tcp connections to keystone/swiftproxy nodes and changed
> keystone endpoints pointing to HAProxy hostname with specific ports.
> What is happening now: Using curl I can access keystone api with -k and
> passing --cacert, but with keystoneclient, even with OS_CACERT, I can't run
> any command without the --insecure flag
> Authorization Failed: <attribute 'message' of 'exceptions.BaseException'
> objects> (HTTP Unable to establish connection to https
> Swift just don't work neither through API or swiftclient.
> Someone could help me please?
> What else should I do to change swift-proxy port and to have a HAProxy
> pointing to that.?
> *guilherme* \n
> \t *maluf*
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-operators