Clark Boylan wrote:
On Wed, Jul 20, 2016, at 07:01 AM, Rob Crittenden wrote:
Andrey Pavlov wrote:
Hi,
When I ran devstack with SSL I found a bug and tried to fix it -
https://review.openstack.org/#/c/242812/
But no one agree with me.
Try to apply this patch - it may help.
Also there is a chance that new bugs present in devstack that
prevented to install it with SSL.
Seeing how some other things in your local.conf might help but when I
tried to reproduce it I got the same error and it failed because Apache
didn't have an SSL listener on 443.
I'm not sure I'd recommend direct SSL in any case. I'd recommend the
tls-proxy service instead. Note that I'm pretty sure it has the same
problem: it hasn't been updated to handle port 443 for Keystone.
I pushed a change up (https://review.openstack.org/#/c/296771/) to
enable tls-proxy in devstack-gate to see how it does and it wasn't too
happy. Is it worth trying to make a push on this and just enabling it by
default in devstack?
The failure is due to the Keystone switch to using URLs in favor of
ports to distinguish user and admin operations. The fix is fairly
straightforward and I have it fixed in a related change, switching from
stud to mod_proxy https://review.openstack.org/#/c/301172
I'd be fine making the tls-proxy gate job voting once we get things
working again.
rob
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
