<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
h2
{mso-style-priority:9;
mso-style-link:"Heading 2 Char";
margin-top:10.0pt;
margin-right:0in;
margin-bottom:0in;
margin-left:.25in;
margin-bottom:.0001pt;
text-indent:-.25in;
page-break-after:avoid;
mso-list:l1 level1 lfo1;
font-size:14.0pt;
font-family:"Calibri Light","sans-serif";
color:#5B9BD5;
font-weight:bold;}
h3
{mso-style-priority:9;
mso-style-link:"Heading 3 Char";
margin-top:10.0pt;
margin-right:0in;
margin-bottom:0in;
margin-left:27.0pt;
margin-bottom:.0001pt;
text-indent:-.25in;
page-break-after:avoid;
mso-list:l0 level1 lfo2;
font-size:13.0pt;
font-family:"Calibri Light","sans-serif";
color:#5B9BD5;
font-weight:bold;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin-top:6.0pt;
margin-right:0in;
margin-bottom:7.5pt;
margin-left:0in;
background:#EEEEEE;
font-size:10.0pt;
font-family:Consolas;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.Heading2Char
{mso-style-name:"Heading 2 Char";
mso-style-priority:9;
mso-style-link:"Heading 2";
font-family:"Calibri Light","sans-serif";
color:#5B9BD5;
font-weight:bold;}
span.Heading3Char
{mso-style-name:"Heading 3 Char";
mso-style-priority:9;
mso-style-link:"Heading 3";
font-family:"Calibri Light","sans-serif";
color:#5B9BD5;
font-weight:bold;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
background:#EEEEEE;}
span.pre
{mso-style-name:pre;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:440298801;
mso-list-type:hybrid;
mso-list-template-ids:-976043504 1897327186 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-style-link:"Heading 3";
mso-level-text:"%1\.1";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:27.0pt;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.75in;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:1.25in;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.75in;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.25in;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:2.75in;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.25in;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.75in;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:4.25in;
text-indent:-9.0pt;}
@list l1
{mso-list-id:1144812355;
mso-list-template-ids:-1765663876;}
@list l1:level1
{mso-level-style-link:"Heading 2";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.25in;
text-indent:-.25in;}
@list l1:level2
{mso-level-legal-format:yes;
mso-level-text:"%1\.%2";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:21.0pt;
text-indent:-21.0pt;}
@list l1:level3
{mso-level-legal-format:yes;
mso-level-text:"%1\.%2\.%3";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.5in;
text-indent:-.5in;}
@list l1:level4
{mso-level-legal-format:yes;
mso-level-text:"%1\.%2\.%3\.%4";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.5in;
text-indent:-.5in;}
@list l1:level5
{mso-level-legal-format:yes;
mso-level-text:"%1\.%2\.%3\.%4\.%5";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.75in;
text-indent:-.75in;}
@list l1:level6
{mso-level-legal-format:yes;
mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.75in;
text-indent:-.75in;}
@list l1:level7
{mso-level-legal-format:yes;
mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.0in;
text-indent:-1.0in;}
@list l1:level8
{mso-level-legal-format:yes;
mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.0in;
text-indent:-1.0in;}
@list l1:level9
{mso-level-legal-format:yes;
mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8\.%9";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.0in;
text-indent:-1.0in;}
@list l1:level1 lfo3
{mso-level-start-at:3;}
@list l1:level2 lfo3
{mso-level-start-at:2;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Devendra,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Here is a set of instructions for the Icehouse Keystone HTTPD install using SSL. I did not get any further before giving up. What you are going to find is that some services that use HTTPD as a default have good support for it (i.e. Keystone
and Horizon). For other services that don’t use it as a default you have to try to figure out the WSGI connection code yourself and hope that the internal drivers work with that configuration. In addition, the WSGI interfaces appear to change with every new
release of OpenStack. For example, the Keystone WSGI connection code that worked with Grizzly is different from the code that works with Icehouse.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Mark<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><u>Icehouse Notes:<o:p></o:p></u></b></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><o:p> </o:p></b></p>
<p class="MsoNormal"><b>NOTE</b>: The Apache2 WSGI configuration scripts below replace the “/etc/init.d/keystone” startup script<o:p></o:p></p>
<p style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:6.0pt;margin-left:0in;background:white">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">Create/configure file “<span class="pre"><span style="background:white">/etc/apache2/sites-available/keystone.conf”
</span></span>to match your keystone installation and server<span style="background:white">.</span>
<o:p></o:p></span></p>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">WSGIDaemonProcess keystone user=keystone group=nogroup processes=6<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">Listen 0.0.0.0:5000<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><VirtualHost _default_:5000><o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> LogLevel debug<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> ErrorLog /var/log/keystone/keystone.log<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> SSLEngine on<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> SSLCertificateFile /etc/keystone/ssl/certs/keystone.pem<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> SSLCertificateKeyFile /etc/keystone/ssl/private/keystonekey.pem<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> SSLProtocol all -SSLv2<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> SSLVerifyClient none<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> WSGIScriptAlias / /usr/lib/cgi-bin/keystone/main<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> WSGIProcessGroup keystone<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> SetEnv nokeepalive ssl-unclean-shutdown<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"></VirtualHost><o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">Listen 0.0.0.0:35357<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><VirtualHost _default_:35357><o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> LogLevel debug<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> ErrorLog /var/log/keystone/keystone.log<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> SSLEngine on<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> SSLCertificateFile /etc/keystone/ssl/certs/keystone.pem<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> SSLCertificateKeyFile /etc/keystone/ssl/private/keystonekey.pem<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> SSLProtocol all -SSLv2<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> SSLVerifyClient none<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> WSGIScriptAlias / /usr/lib/cgi-bin/keystone/admin<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> WSGIProcessGroup keystone<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> SetEnv nokeepalive ssl-unclean-shutdown<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"></VirtualHost> <o:p></o:p></span></pre>
<p style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:6.0pt;margin-left:0in">
<b><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#333333"><o:p> </o:p></span></b></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#333333">Note</span></b><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#333333">:
</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">By changing the SSL_Engine variable in this file you can turn on and off the Apache2-SSL frontend to Keystone.<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></p>
<p class="MsoNormal">Now link keystone sites-enabled to keystone sites-available
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
<p class="MsoNormal" style="background:#F2F2F2">sudo ln -s /etc/apache2/sites-available/keystone.conf /etc/apache2/sites-enabled/keystone.conf
<o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">Create directory “/usr/lib/cgi-bin/keystone”<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt;background:#F2F2F2"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">sudo mkdir /usr/lib/cgi-bin<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt;background:#F2F2F2"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">sudo mkdir /usr/lib/cgi-bin/keystone<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">Create file “/usr/lib/cgi-bin/keystone/admin”.<o:p></o:p></span></p>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">import logging<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">import os<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">from paste import deploy<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">from keystone.openstack.common import gettextutils<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">from keystone.common import dependency<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">from keystone.common import environment<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">from keystone.common import sql<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">from keystone import config<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">from keystone.openstack.common import log<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">from keystone import service<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"># NOTE(blk-u):<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"># gettextutils.install() must run to set _ before importing any modules that<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"># contain static translated strings.<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">gettextutils.install('keystone', lazy=True)<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">CONF = config.CONF<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">config.configure()<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">sql.initialize()<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">config.set_default_for_default_log_levels()<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">CONF(project='keystone')<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">config.setup_logging()<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">environment.use_stdlib()<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">#name = os.path.basename(__file__)<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">name = "admin"<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">if CONF.debug:<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> CONF.log_opt_values(log.getLogger(CONF.prog), logging.DEBUG)<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">drivers = service.load_backends()<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"># NOTE(ldbragst): 'application' is required in this context by WSGI spec.<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"># The following is a reference to Python Paste Deploy documentation<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"># http://pythonpaste.org/deploy/<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">application = deploy.loadapp('config:%s' % config.find_paste_config(),<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> name=name)<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">dependency.resolve_future_dependencies()<o:p></o:p></span></pre>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">Also create file “/usr/lib/cgi-bin/keystone/main”.
<o:p></o:p></span></p>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">import logging<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">import os<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">from paste import deploy<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">from keystone.openstack.common import gettextutils<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">from keystone.common import dependency<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">from keystone.common import environment<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">from keystone.common import sql<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">from keystone import config<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">from keystone.openstack.common import log<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">from keystone import service<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"># NOTE(blk-u):<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"># gettextutils.install() must run to set _ before importing any modules that<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"># contain static translated strings.<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">gettextutils.install('keystone', lazy=True)<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">CONF = config.CONF<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">config.configure()<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">sql.initialize()<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">config.set_default_for_default_log_levels()<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">CONF(project='keystone')<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">config.setup_logging()<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">environment.use_stdlib()<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">#name = os.path.basename(__file__)<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">name = "main"<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">if CONF.debug:<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> CONF.log_opt_values(log.getLogger(CONF.prog), logging.DEBUG)<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">drivers = service.load_backends()<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"># NOTE(ldbragst): 'application' is required in this context by WSGI spec.<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"># The following is a reference to Python Paste Deploy documentation<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"># http://pythonpaste.org/deploy/<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">application = deploy.loadapp('config:%s' % config.find_paste_config(),<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"> name=name)<o:p></o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></pre>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">dependency.resolve_future_dependencies()<o:p></o:p></span></pre>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333"><o:p> </o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#333333">If the keystone service is running, shut it down because the Apache2 service will now start it up with as many instances of keystone
as are specified on the first line of file “/etc/apache2/sites-available/keystone.conf”.<o:p></o:p></span></p>
<pre style="margin:0in;margin-bottom:.0001pt"><span style="color:#333333">sudo service keystone stop</span><span style="font-family:"Courier New";color:#333333"><o:p></o:p></span></pre>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> Devendra Gupta [mailto:dev29aug@gmail.com]
<br>
<b>Sent:</b> Tuesday, April 15, 2014 8:47 AM<br>
<b>To:</b> Miller, Mark M (EB SW Cloud - R&D - Corvallis); openstack@lists.openstack.org<br>
<b>Subject:</b> RE: Enabling SSL For The OpenStack API using HTTPD and mod_wsgi<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p>Missed include list so adding. <o:p></o:p></p>
<div>
<p class="MsoNormal">On Apr 15, 2014 9:41 AM, "Devendra Gupta" <<a href="mailto:dev29aug@gmail.com">dev29aug@gmail.com</a>> wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<p>Hi Mark,<o:p></o:p></p>
<p>Thanks for your inputs around "Stunnel", I'll try it later as it looks very new to me and little unknown/complex. But first I wanted to try HTTPD with mod_wsgi as I don't have much security concern in my test environment so could you please guide me around
those three points which I mentioned in the first mail. I could see in mailing list archive that you tried that approach so I think your guidance would be helpful.<o:p></o:p></p>
<p>Regards,<br>
Devendra<o:p></o:p></p>
<div>
<p class="MsoNormal">On Apr 15, 2014 4:18 AM, "Miller, Mark M (EB SW Cloud - R&D - Corvallis)" <<a href="mailto:mark.m.miller@hp.com" target="_blank">mark.m.miller@hp.com</a>> wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<p class="MsoNormal">Look up "stunnel". The HTTPD and mod_wsgi wasn't really stable and provided a security risk in that breaking into Apache granted you access to every OpenStack service started by Apache.<br>
<br>
-----Original Message-----<br>
From: Devendra Gupta [mailto:<a href="mailto:dev29aug@gmail.com" target="_blank">dev29aug@gmail.com</a>]<br>
Sent: Monday, April 14, 2014 3:31 PM<br>
To: Miller, Mark M (EB SW Cloud - R&D - Corvallis)<br>
Cc: <a href="mailto:ayoung@redhat.com" target="_blank">ayoung@redhat.com</a>; <a href="mailto:openstack@lists.openstack.org" target="_blank">
openstack@lists.openstack.org</a><br>
Subject: Re: Enabling SSL For The OpenStack API using HTTPD and mod_wsgi<br>
<br>
OK, So If I want something on stable on Havana then I need to go through the HTTPD/mod_wsgi ? Isn't it.<br>
<br>
I also see lots of things around TripleO but don't have much idea.<br>
Things like TripleO, Tuskar<br>
.<a href="http://openstack.redhat.com/Deploying_RDO_using_Tuskar_and_TripleO" target="_blank">http://openstack.redhat.com/Deploying_RDO_using_Tuskar_and_TripleO</a><br>
<br>
Though not sure, what all this is doing.<br>
<br>
Devendra<br>
<br>
On Tue, Apr 15, 2014 at 3:48 AM, Miller, Mark M (EB SW Cloud - R&D -<br>
Corvallis) <<a href="mailto:mark.m.miller@hp.com" target="_blank">mark.m.miller@hp.com</a>> wrote:<br>
> I am just learning myself and it is aimed at Icehouse, not Havana.<br>
><br>
> <a href="http://docs.openstack.org/developer/tripleo-incubator/devtest.html" target="_blank">
http://docs.openstack.org/developer/tripleo-incubator/devtest.html</a><br>
><br>
> Mark<br>
><br>
><br>
> -----Original Message-----<br>
> From: Devendra Gupta [mailto:<a href="mailto:dev29aug@gmail.com" target="_blank">dev29aug@gmail.com</a>]<br>
> Sent: Monday, April 14, 2014 3:14 PM<br>
> To: Miller, Mark M (EB SW Cloud - R&D - Corvallis)<br>
> Cc: <a href="mailto:ayoung@redhat.com" target="_blank">ayoung@redhat.com</a>; <a href="mailto:openstack@lists.openstack.org" target="_blank">
openstack@lists.openstack.org</a><br>
> Subject: Re: Enabling SSL For The OpenStack API using HTTPD and<br>
> mod_wsgi<br>
><br>
> Thanks Mark, TripleO seems good. I just came to know about it from you so doing google around it. Do you see some known/trusted doc to configure it with OpenStack. I am willing to proceed with it on Havana.<br>
><br>
> - Devendra<br>
><br>
> On Tue, Apr 15, 2014 at 3:26 AM, Miller, Mark M (EB SW Cloud - R&D -<br>
> Corvallis) <<a href="mailto:mark.m.miller@hp.com" target="_blank">mark.m.miller@hp.com</a>> wrote:<br>
>> Devendra,<br>
>><br>
>> We are now using an SSL terminator solution instead of attempting to turn SSL on all of the OpenStack services. I have not attempted to turn SSL on Havana nor Icehouse builds, but the Grizzly base was pretty flakey . Right now the TripleO work is using the
"stunnel" proxy server in front of all OpenStack services to terminate SSL. You can then proxy the incoming HTTPS request onto the local
<a href="http://127.0.0.1/8" target="_blank">127.0.0.1/8</a> bus which is inaccessible from outside your server. It also isolates the SSL terminator from the OpenStack service processes.<br>
>><br>
>> Mark<br>
>><br>
>> -----Original Message-----<br>
>> From: Devendra Gupta [mailto:<a href="mailto:dev29aug@gmail.com" target="_blank">dev29aug@gmail.com</a>]<br>
>> Sent: Monday, April 14, 2014 2:30 PM<br>
>> To: Miller, Mark M (EB SW Cloud - R&D - Corvallis); <a href="mailto:ayoung@redhat.com" target="_blank">
ayoung@redhat.com</a><br>
>> Cc: <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
>> Subject: Enabling SSL For The OpenStack API using HTTPD and mod_wsgi<br>
>><br>
>> Hi,<br>
>><br>
>> I want to enable SSL for all the OpenStack APIs and test it but I couldn't find detailed doc on
<a href="http://docs.openstack.org" target="_blank">docs.openstack.org</a>. Does anyone have some notes on how to set this up ?<br>
>><br>
>> I did good search around it on Google and OpenStack/RDO mailing list, I found lots of different paths but most of them were limited to Keystone only using 'keystone-manage ssl_setup'. I also found following nice blog which have 6 posts for setting up the
SSL for all the components using Apache2 and mod_wsgi.<br>
>><br>
>> <a href="http://andymc-stack.co.uk/2013/06/apache2-mod_wsgi-openstack-pt1-keys" target="_blank">
http://andymc-stack.co.uk/2013/06/apache2-mod_wsgi-openstack-pt1-keys</a><br>
>> t<br>
>> one/<br>
>><br>
>> I want to go through this doc to do a complete setup but before that I wanted to take few inputs about my environment:<br>
>><br>
>> 1. I have OpenStack RDO Havana running on Single CentOS 6 VM. Is it fine to try the steps on OpenStack RDO/Havana setup ? Or I need to have OpenStack setup on Ubuntu/Grizzly ?<br>
>><br>
>> 2. Since all the OpenStack components are running on the same host, I<br>
>> guess I need to add VHost entries for all the APIs (mentioned in all<br>
>> 6<br>
>> docs) in the /etc/httpd/conf/http.conf. Please help me if someone have a sample file VHost file with sites created for some/all components.<br>
>><br>
>> 3. Can I have single set of self signed certificate path for all the Virtual Host entries as all APIs are running on the single VM.<br>
>> SSLCertificateFile /location/of/server.pem<br>
>> SSLCertificateKeyFile /location/of/server.key<br>
>><br>
>> Another thing, the ketstone configuration part in this blog is having reference to the github page (<a href="http://goo.gl/ZIhcn2" target="_blank">http://goo.gl/ZIhcn2</a>) for configuring Keystone with SSL but I find that doc little difficult to understand
as there is no details of configuring virtual hosts so can I skip the github doc and proceed with the same blog.<br>
>><br>
>> Regards,<br>
>> Devendra Gupta<o:p></o:p></p>
</blockquote>
</div>
</blockquote>
</div>
</div>
</body>
</html>