[Openstack] Devstack with SSL?

Sean Dague sean at dague.net
Tue Aug 29 15:40:58 UTC 2017

On 08/29/2017 10:56 AM, Rob Crittenden wrote:
> Ken D'Ambrosio wrote:
>> Hey, all.  We want to proof something out with SSL-enabled endpoints,
>> and don't want to go through the grief of setting up a whole multi-host
>> cloud to do it.  Devstack with
>> USE_SSL=True
>> in its local.conf seemed to be just the ticket... except that when it
>> gets done, "openstack show endpoints" only shows stock HTTP connections,
>> no HTTPS.  Googling has -- somewhat to my surprise -- shown essentially
>> nothing of value.  Should I give up on trying to teach Devstack new
>> tricks, and fire up Mirantis or something, or is there a way to get this
>> working?
> It's been forever since I've poked at USE_SSL because most users don't
> want to use SSL directly but put it behind usually haproxy. So I don't
> know if this is broken or not.
> I'd recommend you add tls-proxy to ENABLED_SERVICES instead. This will
> configure stud to proxy the requests.

Correct, USE_SSL was actually deleted in devstack last cycle, it was
really confusing to have 2 different ssl paths. The prefered devstack
way for doing SSL is with the tls-proxy, which is how we run in the gate
now. All endpoints get set as https, and are sent through an apache
proxy that terminates them.

This maps much closer to production models of doing haproxy, or some
other terminator.


Sean Dague

More information about the Openstack mailing list