Thanks Mark, TripleO seems good. I just came to know about it from you so doing google around it. Do you see some known/trusted doc to configure it with OpenStack. I am willing to proceed with it on Havana.
- Devendra On Tue, Apr 15, 2014 at 3:26 AM, Miller, Mark M (EB SW Cloud - R&D - Corvallis) <mark.m.mil...@hp.com> wrote: > Devendra, > > We are now using an SSL terminator solution instead of attempting to turn SSL > on all of the OpenStack services. I have not attempted to turn SSL on Havana > nor Icehouse builds, but the Grizzly base was pretty flakey . Right now the > TripleO work is using the "stunnel" proxy server in front of all OpenStack > services to terminate SSL. You can then proxy the incoming HTTPS request onto > the local 127.0.0.1/8 bus which is inaccessible from outside your server. It > also isolates the SSL terminator from the OpenStack service processes. > > Mark > > -----Original Message----- > From: Devendra Gupta [mailto:dev29...@gmail.com] > Sent: Monday, April 14, 2014 2:30 PM > To: Miller, Mark M (EB SW Cloud - R&D - Corvallis); ayo...@redhat.com > Cc: openstack@lists.openstack.org > Subject: Enabling SSL For The OpenStack API using HTTPD and mod_wsgi > > Hi, > > I want to enable SSL for all the OpenStack APIs and test it but I couldn't > find detailed doc on docs.openstack.org. Does anyone have some notes on how > to set this up ? > > I did good search around it on Google and OpenStack/RDO mailing list, I found > lots of different paths but most of them were limited to Keystone only using > 'keystone-manage ssl_setup'. I also found following nice blog which have 6 > posts for setting up the SSL for all the components using Apache2 and > mod_wsgi. > > http://andymc-stack.co.uk/2013/06/apache2-mod_wsgi-openstack-pt1-keystone/ > > I want to go through this doc to do a complete setup but before that I wanted > to take few inputs about my environment: > > 1. I have OpenStack RDO Havana running on Single CentOS 6 VM. Is it fine to > try the steps on OpenStack RDO/Havana setup ? Or I need to have OpenStack > setup on Ubuntu/Grizzly ? > > 2. Since all the OpenStack components are running on the same host, I guess I > need to add VHost entries for all the APIs (mentioned in all 6 > docs) in the /etc/httpd/conf/http.conf. Please help me if someone have a > sample file VHost file with sites created for some/all components. > > 3. Can I have single set of self signed certificate path for all the Virtual > Host entries as all APIs are running on the single VM. > SSLCertificateFile /location/of/server.pem > SSLCertificateKeyFile /location/of/server.key > > Another thing, the ketstone configuration part in this blog is having > reference to the github page (http://goo.gl/ZIhcn2) for configuring Keystone > with SSL but I find that doc little difficult to understand as there is no > details of configuring virtual hosts so can I skip the github doc and proceed > with the same blog. > > Regards, > Devendra Gupta _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
