[Openstack] Enabling SSL For The OpenStack API using HTTPD and mod_wsgi

Devendra Gupta dev29aug at gmail.com
Tue Apr 15 18:28:41 UTC 2014


Thank you so much Mark for your helpful inputs.

Regards,
Devendra


On Tue, Apr 15, 2014 at 3:26 AM, Miller, Mark M (EB SW Cloud - R&D -
Corvallis) <mark.m.miller at hp.com> wrote:

> Devendra,
>
> We are now using an SSL terminator solution instead of attempting to turn
> SSL on all of the OpenStack services. I have not attempted to turn SSL on
> Havana nor Icehouse builds, but the Grizzly base was pretty flakey. Right
> now the TripleO work is using the "stunnel" proxy server in front of all
> OpenStack services to terminate SSL. You can then proxy the incoming HTTPS
> request onto the local 127.0.0.1/8 bus which is inaccessible from outside
> your server. It also isolates the SSL terminator from the OpenStack service
> processes.
>
> Mark
>
> -----Original Message-----
> From: Devendra Gupta [mailto:dev29aug at gmail.com]
> Sent: Monday, April 14, 2014 2:30 PM
> To: Miller, Mark M (EB SW Cloud - R&D - Corvallis); ayoung at redhat.com
> Cc: openstack at lists.openstack.org
> Subject: Enabling SSL For The OpenStack API using HTTPD and mod_wsgi
>
> Hi,
>
> I want to enable SSL for all the OpenStack APIs and test it but I couldn't
> find a detailed doc on docs.openstack.org. Does anyone have some notes on
> how to set this up?
>
> I did a good search around it on Google and the OpenStack/RDO mailing list. I
> found lots of different paths but most of them were limited to Keystone
> only using 'keystone-manage ssl_setup'. I also found the following nice blog
> which has 6 posts for setting up SSL for all the components using
> Apache2 and mod_wsgi.
>
> http://andymc-stack.co.uk/2013/06/apache2-mod_wsgi-openstack-pt1-keystone/
>
> I want to go through this doc to do a complete setup but before that I
> wanted to take a few inputs about my environment:
>
> 1. I have OpenStack RDO Havana running on a single CentOS 6 VM. Is it fine
> to try the steps on an OpenStack RDO/Havana setup? Or do I need to have an
> OpenStack setup on Ubuntu/Grizzly?
>
> 2. Since all the OpenStack components are running on the same host, I
> guess I need to add VHost entries for all the APIs (mentioned in all 6
> docs) in the /etc/httpd/conf/http.conf. Please help me if someone has a
> sample VHost file with sites created for some/all components.
>
> 3. Can I have a single set of self-signed certificate paths for all the
> Virtual Host entries as all APIs are running on the single VM?
>     SSLCertificateFile /location/of/server.pem
>     SSLCertificateKeyFile /location/of/server.key
>
> Another thing, the Keystone configuration part in this blog has a
> reference to the github page (http://goo.gl/ZIhcn2) for configuring
> Keystone with SSL but I find that doc a little difficult to understand as
> there are no details of configuring virtual hosts, so can I skip the github
> doc and proceed with the same blog?
>
> Regards,
> Devendra Gupta
>
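
The terminator layout Mark describes only protects traffic if the plaintext OpenStack listeners really are bound to loopback. As an added example (not from this thread or from TripleO), the Python check below parses `ss -ltnp` output and reports any backend port still listening on a non-loopback address; the port numbers, process names, IP address and sample output are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed `ss -ltnp` sample (not from the thread). Ports are assumed
# defaults: 5000/35357 Keystone, 9292 Glance, 8774 Nova. 192.0.2.10 is a
# documentation address standing in for the server's public IP.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 192.0.2.10:5000 0.0.0.0:* users:(("stunnel",pid=901,fd=7))
LISTEN 0 128 127.0.0.1:5000 0.0.0.0:* users:(("keystone-all",pid=1200,fd=4))
LISTEN 0 128 127.0.0.1:35357 0.0.0.0:* users:(("keystone-all",pid=1200,fd=5))
LISTEN 0 128 0.0.0.0:9292 0.0.0.0:* users:(("glance-api",pid=1310,fd=4))
LISTEN 0 128 [::]:8774 [::]:* users:(("nova-api",pid=1422,fd=6))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=700,fd=3))
"""
BACKEND_PORTS = {5000, 35357, 9292, 8774}  # assumed plaintext API ports
PROC_RE = re.compile(r'\(\("([^"]+)"')      # first process name in users:(...)


def parse_listeners(ss_output):
    """Yield (host, port, process) for every LISTEN row."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        match = PROC_RE.search(line)
        yield host, int(port), match.group(1) if match else "?"


def is_loopback(host):
    """True only for 127.0.0.0/8 or ::1; wildcard binds are not loopback."""
    if host in ("*", ""):
        return False
    return ipaddress.ip_address(host).is_loopback


def exposed_backends(ss_output, backend_ports, terminator="stunnel"):
    """Backend ports served off-loopback by anything but the terminator."""
    return [(h, p, proc) for h, p, proc in parse_listeners(ss_output)
            if p in backend_ports and proc != terminator
            and not is_loopback(h)]


if __name__ == "__main__":
    for host, port, proc in exposed_backends(SAMPLE_SS, BACKEND_PORTS):
        print(f"plaintext listener exposed: {proc} on {host}:{port}")
```

On a real host, feed it the output of `ss -ltnp` run as root so the process column is populated.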