[Openstack-operators] [keystone] Need info on the correct location to place the certificates / correct tags to specify the same

Steve Martinelli s.martinelli at gmail.com
Fri May 13 06:20:49 UTC 2016


Oops, forgot to reply-all.

On Fri, May 13, 2016 at 1:43 AM, Rahul Sharma <rahulsharmaait at gmail.com>
wrote:

> Thank you Steve for pointing me in right direction. That was really
> helpful.
>
> - Rahul
>
>
> On Fri, May 13, 2016 at 1:02 AM, Steve Martinelli <s.martinelli at gmail.com>
> wrote:
>
>> These options are related to running keystone under eventlet, which was
>> deprecated in Kilo and removed in Newton. Keystone should be run under a
>> real web server like apache or nginx. By running keystone with these tools
>> configuring TLS should be much easier. There is a lot more detail about it
>> here: http://docs.openstack.org/developer/keystone/apache-httpd.html
>>
>> On Thu, May 12, 2016 at 11:56 PM, Rahul Sharma <rahulsharmaait at gmail.com>
>> wrote:
>>
>>> Hi All,
>>>
>>> While upgrading from Kilo to Liberty, I am seeing these warnings in the
>>> logs:-
>>>
>>> ./keystone/keystone.log:2016-05-11 13:40:34.013 20402 WARNING
>>> oslo_config.cfg [-] Option "certfile" from group "ssl" is deprecated. Use
>>> option "certfile" from group "eventlet_server_ssl".
>>> ./keystone/keystone.log:2016-05-11 13:40:34.013 20402 WARNING
>>> oslo_config.cfg [-] Option "certfile" from group "eventlet_server_ssl" is
>>> deprecated for removal.  Its value may be silently ignored in the future.
>>> ./keystone/keystone.log:2016-05-11 13:40:34.013 20402 WARNING
>>> oslo_config.cfg [-] Option "keyfile" from group "ssl" is deprecated. Use
>>> option "keyfile" from group "eventlet_server_ssl".
>>> ./keystone/keystone.log:2016-05-11 13:40:34.013 20402 WARNING
>>> oslo_config.cfg [-] Option "keyfile" from group "eventlet_server_ssl" is
>>> deprecated for removal.  Its value may be silently ignored in the future.
>>> ./keystone/keystone.log:2016-05-11 13:40:34.013 20402 WARNING
>>> oslo_config.cfg [-] Option "ca_certs" from group "ssl" is deprecated. Use
>>> option "ca_certs" from group "eventlet_server_ssl".
>>> ./keystone/keystone.log:2016-05-11 13:40:34.013 20402 WARNING
>>> oslo_config.cfg [-] Option "ca_certs" from group "eventlet_server_ssl" is
>>> deprecated for removal.  Its value may be silently ignored in the future.
>>>
>>> It looks like the parameters certfile, keyfile, ca_certs are going to be
>>> deprecated(might be deprecated by now) in future releases. For running
>>> keystone with TLS, I need to specify the location of my certificates in
>>> some configuration file. Does the above logs mean that we are going to
>>> store the certs in some standard/default directory? I tried to find any
>>> documentation specifying these changes or any configuration updates needed
>>> to support these changes, but couldn't find any. Can someone please help me
>>> out in identifying where the right configuration should be?
>>>
>>> Thanks.
>>>
>>> *Rahul Sharma*
>>> *MS in Computer Science, 2016*
>>> College of Computer and Information Science, Northeastern University
>>> Mobile:  801-706-7860
>>> Email: rahulsharmaait at gmail.com
>>> Linkedin: www.linkedin.com/in/rahulsharmaait
>>>
>>> _______________________________________________
>>> OpenStack-operators mailing list
>>> OpenStack-operators at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160513/4d2c6046/attachment.html>


More information about the OpenStack-operators mailing list