[openstack-dev] Nova SSL Apache2 Question

Adam Young ayoung at redhat.com
Thu Nov 14 19:05:28 UTC 2013


On 11/14/2013 03:42 AM, Jesse Pretorius wrote:
> On 13 November 2013 23:39, Miller, Mark M (EB SW Cloud - R&D - 
> Corvallis) <mark.m.miller at hp.com> wrote:
>
>     I finally found a set of web pages that has a working set of
>     configuration files for the major OpenStack services "
>     http://andymc-stack.co.uk/2013/07/apache2-mod_wsgi-openstack-pt-2-nova-api-os-compute-nova-api-ec2/
>     " by Andy Mc. I skipped ceilometer and have the rest of the
>     services working except quantum with self-signed certificates on a
>     Grizzly-3 OpenStack instance. Now I am stuck trying to figure out
>     how to get quantum to accept self-signed certificates.
>
>     My goal is to harden my Grizzly-3 OpenStack instance using SSL and
>     self-signed certificates. Later I will do the same for Havana bits
>     and use real/valid certificates.
>
>
> I struggled with getting this all to work correctly for a few weeks, 
> then eventually gave up and opted instead to use an Apache reverse 
> proxy to front-end the native services. I just found that using an 
> Apache/wsgi configuration doesn't completely work. It would certainly 
> help if this configuration was implemented into the OpenStack testing 
> regime to help all the services become first-class citizens as a wsgi 
> process behind Apache.

Does Glance save the image to the local file system?  I'd suspect 
SELinux, since it sounds like you were trying this on CentOS: SELinux is 
very restrictive in what it lets Apache write.  Again, I'd recommend 
running with SELinux in Permissive mode on this host and looking at the 
AVCs generated:  Run audit2why.

>
> I would suggest that you review the wsgi files and vhost templates in 
> the rcbops chef cookbooks for each service. They include my updates to 
> Andy's original blog items to make things work properly.
>
> I found that while Andy's stuff appears to work, it becomes noticeable 
> that it works in a read-only fashion. I managed to get keystone/nova 
> confirmed to work properly, but glance just would not work - I could 
> never upload any images and if caching/management was turned off in 
> the glance service then downloading images didn't work either.
>
> Good luck - if you do get a fully working config it'd be great to get 
> feedback on the adjustments you had to make to get it working.
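
The AVC review suggested in the reply above, as an added example that is not part of the original thread: a shell function that summarises denials raised against Apache's `httpd_t` domain from audit records on stdin. The sample records are constructed and the `var_lib_t` target label is an assumption for illustration; on a live host the records come from `ausearch -m avc`, which can also be piped to `audit2why`.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials whose source domain is Apache
# (httpd_t), so the denied operations can be reviewed before changing labels
# or policy. Reads audit records on stdin, e.g.
#   ausearch -m avc -ts recent | summarize_httpd_avc

summarize_httpd_avc() {
    awk '
        /type=AVC/ && /denied/ && /scontext=[^ ]*:httpd_t:/ {
            perms = ""; tclass = ""; ttype = ""
            # Denied permissions are listed between "{" and "}".
            if (match($0, /[{][^}]*[}]/)) {
                perms = substr($0, RSTART + 1, RLENGTH - 2)
                gsub(/^ +| +$/, "", perms)
            }
            for (i = 1; i <= NF; i++) {
                # tcontext is user:role:type:level; keep the type.
                if ($i ~ /^tcontext=/) { split($i, ctx, ":"); ttype = ctx[3] }
                if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
            }
            count[perms " " tclass " " ttype]++
        }
        # Output: <occurrences> <permissions> <object class> <target type>
        END { for (k in count) print count[k], k }
    ' | sort
}

# Constructed sample records (not from a real host); var_lib_t is an assumed
# label for the image store directory.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1384455901.101:412): avc:  denied  { write } for  pid=2211 comm="httpd" name="images" dev=dm-0 ino=131099 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1384455901.101:412): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1384455907.330:419): avc:  denied  { write } for  pid=2214 comm="httpd" name="images" dev=dm-0 ino=131099 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=AVC msg=audit(1384455911.872:425): avc:  denied  { create } for  pid=2211 comm="httpd" name="tmpimg" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1384455920.004:431): avc:  denied  { read } for  pid=1502 comm="ntpd" name="drift" dev=dm-0 ino=9021 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
EOF
}

sample_audit_log | summarize_httpd_avc
```
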
