[Openstack-operators] Swift-Proxy + Keystone with HAProxy and SSL

Gui Maluf guimalufb at gmail.com
Tue Feb 10 22:52:15 UTC 2015


http://paste.openstack.org/show/171017/

On Tue, Feb 10, 2015 at 8:33 PM, Kris G. Lindgren <klindgren at godaddy.com>
wrote:

>  Can you post your haproxy config file?
>  ____________________________________________
>
> Kris Lindgren
> Senior Linux Systems Engineer
> GoDaddy, LLC.
>
>
>   From: Gui Maluf <guimalufb at gmail.com>
> Date: Tuesday, February 10, 2015 at 3:25 PM
> To: "openstack-operators at lists.openstack.org" <
> openstack-operators at lists.openstack.org>
> Subject: [Openstack-operators] Swift-Proxy + Keystone with HAProxy and SSL
>
>    hey guy,
> my production environment is down for two days and I can't fixit.
>
> I had 3 keystone+swiftproxy nodes, balanced with DNS-RR and endpoints
> pointing to DNS; keystone running on 5000/35357 and swift on 443, both with
> self-signed certificate and native ssl;
>
> Then I've changed the swiftproxy to run on port 8080, disable the native
> SSL, set up HAProxy(real LB with healthcheck and SSL passthrough)
> redirecting tcp connections to keystone/swiftproxy nodes and changed
> keystone endpoints pointing to HAProxy hostname with specific ports.
>
> What is happening now: Using curl I can access keystone api with -k and
> passing --cacert, but with keystoneclient, even with OS_CACERT, I can't run
> any command without the --insecure flag
>
> Authorization Failed: <attribute 'message' of 'exceptions.BaseException'
> objects> (HTTP Unable to establish connection to https
>
> Swift just don't work neither through API or swiftclient.
>
> Someone could help me please?
>  What else should I do to change swift-proxy port and to have a HAProxy
> pointing to that.?
>
>
>  thanks
>
> --
> *guilherme* \n
> \t *maluf*
>



-- 
*guilherme* \n
\t *maluf*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150210/4b23cf75/attachment.html>


More information about the OpenStack-operators mailing list