[openstack-dev] Nova SSL Apache2 Question

Miller, Mark M (EB SW Cloud - R&D - Corvallis) mark.m.miller at hp.com
Wed Nov 13 21:39:52 UTC 2013


I finally found a set of web pages that has a working set of configuration files for the major OpenStack services "http://andymc-stack.co.uk/2013/07/apache2-mod_wsgi-openstack-pt-2-nova-api-os-compute-nova-api-ec2/" by Andy Mc. I skipped ceilometer and have the rest of the services working except quantum with self-signed certificates on a Grizzly-3 OpenStack instance. Now I am stuck trying to figure out how to get quantum to accept self-signed certificates.

My goal is to harden my Grizzly-3 OpenStack instance using SSL and self-signed certificates. Later I will do the same for Havana bits and use real/valid certificates.

Mark

> -----Original Message-----
> From: Adam Young [mailto:ayoung at redhat.com]
> Sent: Wednesday, November 13, 2013 10:27 AM
> To: OpenStack Development Mailing List (not for usage questions)
> Subject: Re: [openstack-dev] Nova SSL Apache2 Question
> 
> On 11/06/2013 07:20 PM, Miller, Mark M (EB SW Cloud - R&D - Corvallis)
> wrote:
> > Hello,
> >
> > I am trying to front all of the Grizzly OpenStack services with
> > Apache2 in order to enable SSL. I've got Horizon and Keystone working
> > but am struggling with Nova. The only documentation I have been able
> > to find is at URL
> > http://www.rackspace.com/blog/enabling-ssl-for-the-openstack-api/
> >
> > However, the Nova sample "osapi.wsgi" and "osapi" files are not working
> with Grizzly. Does anyone have a set of these files for Nova?
> >
> > Thanks,
> >
> > Mark Miller
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 
> This was on my To Do list, but for Icehouse.  What are you seeing as the
> failure?
> 
> The original article was written a while ago, so I am not surprised things have
> changed out from underneath it.  In particular, there are some times where
> Eventlet code gets monkey patched in that you won't want when working in
> HTTPD.  In Keystone, we isolated the Monkeypatching into a single function,
> to ensure the same logic was done in both starting the App and the unit
> tests.  I suspect we'll need to do something comparable in Nova.
> 
> There are also potential SELinux issues.  I'd run with SELinux in Permissive
> mode until you get things sorted.


