[Openstack-security] Enabling SSL/HTTPS for REST API
Adam Young
ayoung at redhat.com
Thu Nov 14 20:05:53 UTC 2013
On 11/13/2013 08:59 PM, Hassan Shaik wrote:
> Hello Openstack security experts,
>
> I am trying to enable SSL/HTTPS in openstack REST API for all services
> (nova/glance endpoint URL). However, I see the documentation to enable
> SSL on keystone service alone.
>
> http://docs.openstack.org/grizzly/openstack-compute/admin/content//keystone-ssl.html
> http://docs.openstack.org/developer/keystone/configuration.html
>
> 1. Am I missing something? Is SSL/HTTPS supported for nova/glance API too?
http://andymc-stack.co.uk/2013/07/apache2-mod_wsgi-openstack-pt-2-nova-api-os-compute-nova-api-ec2/
http://andymc-stack.co.uk/2013/07/apache2-mod_wsgi-openstack-pt-3-glance-api-glance-registry/#comment-23
People have suggested that the glance one is broken, and comes up Read
Only. I suspect SELinux issues there
> 2. Also, when I try to enable SSL in keystone service, all nova/glance
> CLI fail to work after the change. And, the debug shows it is trying
> to make use of http even after enabling SSL.
>
> # nova --debug list
>
> REQ: curl -i *http*://openstack-ip:5000/v2.0/tokens -X POST -H
> "Content-Type: application/json" -H "Accept: application/json" -H
> "User-Agent: python-novaclient" -d '{"auth": {"tenantName": "admin",
> "passwordCredentials": {"username": "admin", "password": "admin_pass"}}}'
Need to set the Auth endpoint to https when registering it with Keystone.
>
> Appreciate your help.
>
> Thanks,
> Hassan
>
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20131114/09dcdaa4/attachment.html>
More information about the Openstack-security
mailing list