[Openstack-operators] Swift-Proxy + Keystone with HAProxy and SSL

Gui Maluf guimalufb at gmail.com
Tue Feb 10 23:40:51 UTC 2015


Something wrong with my certificates and Keystone, cause changing to
self-signed certificates everything is working.

On Tue, Feb 10, 2015 at 8:52 PM, Gui Maluf <guimalufb at gmail.com> wrote:

> http://paste.openstack.org/show/171017/
>
> On Tue, Feb 10, 2015 at 8:33 PM, Kris G. Lindgren <klindgren at godaddy.com>
> wrote:
>
>>  Can you post your haproxy config file?
>>  ____________________________________________
>>
>> Kris Lindgren
>> Senior Linux Systems Engineer
>> GoDaddy, LLC.
>>
>>
>>   From: Gui Maluf <guimalufb at gmail.com>
>> Date: Tuesday, February 10, 2015 at 3:25 PM
>> To: "openstack-operators at lists.openstack.org" <
>> openstack-operators at lists.openstack.org>
>> Subject: [Openstack-operators] Swift-Proxy + Keystone with HAProxy and
>> SSL
>>
>>    hey guy,
>> my production environment is down for two days and I can't fixit.
>>
>> I had 3 keystone+swiftproxy nodes, balanced with DNS-RR and endpoints
>> pointing to DNS; keystone running on 5000/35357 and swift on 443, both with
>> self-signed certificate and native ssl;
>>
>> Then I've changed the swiftproxy to run on port 8080, disable the native
>> SSL, set up HAProxy(real LB with healthcheck and SSL passthrough)
>> redirecting tcp connections to keystone/swiftproxy nodes and changed
>> keystone endpoints pointing to HAProxy hostname with specific ports.
>>
>> What is happening now: Using curl I can access keystone api with -k and
>> passing --cacert, but with keystoneclient, even with OS_CACERT, I can't run
>> any command without the --insecure flag
>>
>> Authorization Failed: <attribute 'message' of 'exceptions.BaseException'
>> objects> (HTTP Unable to establish connection to https
>>
>> Swift just don't work neither through API or swiftclient.
>>
>> Someone could help me please?
>>  What else should I do to change swift-proxy port and to have a HAProxy
>> pointing to that.?
>>
>>
>>  thanks
>>
>> --
>> *guilherme* \n
>> \t *maluf*
>>
>
>
>
> --
> *guilherme* \n
> \t *maluf*
>



-- 
*guilherme* \n
\t *maluf*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150210/fde6f9ab/attachment.html>


More information about the OpenStack-operators mailing list