[openstack-dev] [devstack] How to enable SSL in devStack?
Rob Crittenden
rcritten at redhat.com
Tue Jul 26 12:54:20 UTC 2016
Clark Boylan wrote:
>
>
> On Wed, Jul 20, 2016, at 07:01 AM, Rob Crittenden wrote:
>> Andrey Pavlov wrote:
>>> Hi,
>>>
>>> When I ran devstack with SSL I found a bug and tried to fix it -
>>> https://review.openstack.org/#/c/242812/
>>> But no one agree with me.
>>> Try to apply this patch - it may help.
>>> Also there is a chance that new bugs present in devstack that
>>> prevented to install it with SSL.
>>
>> Seeing how some other things in your local.conf might help but when I
>> tried to reproduce it I got the same error and it failed because Apache
>> didn't have an SSL listener on 443.
>>
>> I'm not sure I'd recommend direct SSL in any case. I'd recommend the
>> tls-proxy service instead. Note that I'm pretty sure it has the same
>> problem: it hasn't been updated to handle port 443 for Keystone.
>
> I pushed a change up (https://review.openstack.org/#/c/296771/) to
> enable tls-proxy in devstack-gate to see how it does and it wasn't too
> happy. Is it worth trying to make a push on this and just enabling it by
> default in devstack?
The failure is due to the Keystone switch to using URLs in favor of
ports to distinguish user and admin operations. The fix is fairly
straightforward and I have it fixed in a related change, switching from
stud to mod_proxy https://review.openstack.org/#/c/301172
I'd be fine making the tls-proxy gate job voting once we get things
working again.
rob
More information about the OpenStack-dev
mailing list