Something wrong with my certificates and Keystone, cause changing to self-signed certificates everything is working.
On Tue, Feb 10, 2015 at 8:52 PM, Gui Maluf <[email protected]> wrote: > http://paste.openstack.org/show/171017/ > > On Tue, Feb 10, 2015 at 8:33 PM, Kris G. Lindgren <[email protected]> > wrote: > >> Can you post your haproxy config file? >> ____________________________________________ >> >> Kris Lindgren >> Senior Linux Systems Engineer >> GoDaddy, LLC. >> >> >> From: Gui Maluf <[email protected]> >> Date: Tuesday, February 10, 2015 at 3:25 PM >> To: "[email protected]" < >> [email protected]> >> Subject: [Openstack-operators] Swift-Proxy + Keystone with HAProxy and >> SSL >> >> hey guy, >> my production environment is down for two days and I can't fixit. >> >> I had 3 keystone+swiftproxy nodes, balanced with DNS-RR and endpoints >> pointing to DNS; keystone running on 5000/35357 and swift on 443, both with >> self-signed certificate and native ssl; >> >> Then I've changed the swiftproxy to run on port 8080, disable the native >> SSL, set up HAProxy(real LB with healthcheck and SSL passthrough) >> redirecting tcp connections to keystone/swiftproxy nodes and changed >> keystone endpoints pointing to HAProxy hostname with specific ports. >> >> What is happening now: Using curl I can access keystone api with -k and >> passing --cacert, but with keystoneclient, even with OS_CACERT, I can't run >> any command without the --insecure flag >> >> Authorization Failed: <attribute 'message' of 'exceptions.BaseException' >> objects> (HTTP Unable to establish connection to https >> >> Swift just don't work neither through API or swiftclient. >> >> Someone could help me please? >> What else should I do to change swift-proxy port and to have a HAProxy >> pointing to that.? >> >> >> thanks >> >> -- >> *guilherme* \n >> \t *maluf* >> > > > > -- > *guilherme* \n > \t *maluf* > -- *guilherme* \n \t *maluf*
_______________________________________________ OpenStack-operators mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
