[openstack-dev] [devstack] How to enable SSL in devStack?

Rob Crittenden rcritten at redhat.com
Wed Jul 20 14:01:03 UTC 2016


Andrey Pavlov wrote:
> Hi,
>
> When I ran devstack with SSL I found a bug and tried to fix it -
> https://review.openstack.org/#/c/242812/
> But no one agree with me.
> Try to apply this patch - it may help.
> Also there is a chance that new bugs present in devstack that
> prevented to install it with SSL.

Seeing how some other things in your local.conf might help but when I 
tried to reproduce it I got the same error and it failed because Apache 
didn't have an SSL listener on 443.

I'm not sure I'd recommend direct SSL in any case. I'd recommend the 
tls-proxy service instead. Note that I'm pretty sure it has the same 
problem: it hasn't been updated to handle port 443 for Keystone.

I'm working on switching from stud to mod_proxy if you want to take a 
look and this problem is fixed there, https://review.openstack.org/301172

I'll see about adding a SSL listener to Keystone for the USE_SSL case in 
the next few days.

And yeah, it's a moving target. I have an experimental gate test for 
tlsproxy but it has to be requested explicitly. My plan is to enable it 
as non-voting once the mod_proxy changes land so it will at least be 
more obvious when things break (or maybe we can making it voting).

rob



More information about the OpenStack-dev mailing list