[openstack-dev] [devstack] How to enable SSL in devStack?
Rob Crittenden
rcritten at redhat.com
Fri Jul 22 15:51:11 UTC 2016
Brant Knudson wrote:
>
>
> On Wed, Jul 20, 2016 at 12:29 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
> Fixing Keystone is easy. An Apache VirtualHost for 443 needs to be
> added.
>
> But I found another, deeper problem: cinder won't listen on SSL.
> When they switched to using oslo_service for WSGI they completely
> removed the ability to use SSL. See bug
> https://bugs.launchpad.net/cinder/+bug/1590901
>
>
> rob
>
>
> Problems like this should make us wonder why we're reimplementing basic
> functionality like TLS termination. Existing wsgi containers (uwsgi,
> gunicorn, and apache) all handle TLS termination just fine.
I'm not exactly sure what you mean. If you mean that doing native TLS in
eventlet is not a great idea then we are in agreement. But to remove it
will should require a plan, not an unexpected side-effect of another change.
rob
More information about the OpenStack-dev
mailing list