On 11/14/2013 03:42 AM, Jesse Pretorius wrote:
On 13 November 2013 23:39, Miller, Mark M (EB SW Cloud - R&D -
Corvallis) <mark.m.mil...@hp.com <mailto:mark.m.mil...@hp.com>> wrote:
I finally found a set of web pages that has a working set of
configuration files for the major OpenStack services "
http://andymc-stack.co.uk/2013/07/apache2-mod_wsgi-openstack-pt-2-nova-api-os-compute-nova-api-ec2/
" by Andy Mc. I skipped ceilometer and have the rest of the
services working except quantum with self-signed certificates on a
Grizzly-3 OpenStack instance. Now I am stuck trying to figure out
how to get quantum to accept self-signed certificates.
My goal is to harden my Grizzly-3 OpenStack instance using SSL and
self-signed certificates. Later I will do the same for Havana bits
and use real/valid certificates.
I struggled with getting this all to work correctly for a few weeks,
then eventually gave up and opted instead to use an Apache reverse
proxy to front-end the native services. I just found that using an
Apache/wsgi configuration doesn't completely work. It would certainly
help if this configuration was implemented into the Openstack testing
regime to help all the services become first-class citizens as a wsgi
process behind Apache.
Does Glance save the image to the local file system? I'd suspect
SELinux, since it sounds like you were trying this on CentOS: SELinux is
very restrictive in what it lets Apache write. Again, I'd recopmmend
running with SELinux in Permissive mode on this host and look at the
avc's generated: Run audit2why.
I would suggest that you review the wsgi files and vhost templates in
the rcbops chef cookbooks for each service. They include my updates to
Andy's original blog items to make things work properly.
I found that while Andy's stuff appears to work, it becomes noticeable
that it works in a read-only fashion. I managed to get keystone/nova
confirmed to work properly, but glance just would not work - I could
never upload any images and if caching/management was turned off in
the glance service then downloading images didn't work either.
Good luck - if you do get a fully working config it'd be great to get
feedback on the adjustments you had to make to get it working.
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev