2017-08-29 15:40 GMT+00:00 Sean Dague <s...@dague.net>: > On 08/29/2017 10:56 AM, Rob Crittenden wrote: >> Ken D'Ambrosio wrote: >>> Hey, all. We want to proof something out with SSL-enabled endpoints, >>> and don't want to go through the grief of setting up a whole multi-host >>> cloud to do it. Devstack with >>> USE_SSL=True >>> in its local.conf seemed to be just the ticket... except that when it >>> gets done, "openstack show endpoints" only shows stock HTTP connections, >>> no HTTPS. Googling has -- somewhat to my surprise -- shown essentially >>> nothing of value. Should I give up on trying to teach Devstack new >>> tricks, and fire up Mirantis or something, or is there a way to get this >>> working? >> >> It's been forever since I've poked at USE_SSL because most users don't >> want to use SSL directly but put it behind usually haproxy. So I don't >> know if this is broken or not. >> >> I'd recommend you add tls-proxy to ENABLED_SERVICES instead. This will >> configure stud to proxy the requests. > > Correct, USE_SSL was actually deleted in devstack last cycle, it was > really confusing to have 2 different ssl paths. The prefered devstack > way for doing SSL is with the tls-proxy, which is how we run in the gate > now. All endpoints get set as https, and are sent through an apache > proxy that terminates them. > > This maps much closer to production models of doing haproxy, or some > other terminator.
Incidentally I was just working on this today and found some issues, see https://bugs.launchpad.net/devstack/+bug/1713731 and https://bugs.launchpad.net/cinder/+bug/1713732, which make me think that the test coverage is still not as good as one would hope for. _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
