[Openstack] [nova] secure websocket (wss) and websocketproxy setup for serial console
Markus Zoeller
mzoeller at de.ibm.com
Fri May 8 13:05:20 UTC 2015
How do I setup a secure websocket connection (wss) for the
nova-serialproxy service? I have the following setting on the
compute node (nova.conf):
[serial_console]
enabled = True
base_url = wss://<ip-of-controller-node>:6083/ # wss !!
proxyclient_address = <ip-of-compute-node>
As soon as I want to use that with Horizon (via https) the
nova-serialproxy service logs this trace (from the module
"nova.console.websocketproxy"; timestamps and location truncated):
[...] [-] exception vmsg
/usr/lib/python2.7/site-packages/websockify/websocket.py:824
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/websockify/websocket.py",
line 874, in top_new_client
client = self.do_handshake(startsock, address)
File "/usr/lib/python2.7/site-packages/websockify/websocket.py",
line 786, in do_handshake
keyfile=self.key)
File "/usr/lib/python2.7/site-packages/eventlet/green/ssl.py", line
339, in wrap_socket
return GreenSSLSocket(sock, *a, **kw)
File "/usr/lib/python2.7/site-packages/eventlet/green/ssl.py", line
64, in __init__
ca_certs, do_handshake_on_connect and six.PY2, *args, **kw)
File "/usr/lib64/python2.7/ssl.py", line 141, in __init__
ciphers)
SSLError: [Errno 336265225] _ssl.c:351: error:140B0009:SSL
routines:SSL_CTX_use_PrivateKey_file:PEM lib
I assume that I have to set the "nova.conf" options "cert" and "key"
([DEFAULT] section) on the controller node but I couldn't figure out
the right setup.
Thanks in advance!
Markus Zoeller (markus_z)
More information about the Openstack
mailing list