Hi, all
I have a Mitaka environment created by packstack, and I tried to
configure keystone to use SSL, but failed. Can anyone help me?
# keystone is a wsgi service now.
The configuration steps are as follows:
===============
# keystone-manage ssl_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone:keystone /etc/keystone/ssl
# keystone endpoint-create --service keystone --region RegionOne \
    --publicurl https://{FQDN}:5000/v2.0 \
    --internalurl https://{FQDN}:5000/v2.0 \
    --adminurl https://{FQDN}:35357/v2.0
# cat /etc/keystone/keystone.conf
... ...
[ssl]
enable=True
certfile = /etc/keystone/ssl/certs/keystone.pem
keyfile = /etc/keystone/ssl/private/keystonekey.pem
ca_certs = /etc/keystone/ssl/certs/ca.pem
ca_key = /etc/keystone/ssl/private/cakey.pem
# cat keystonerc_admin
... ...
export OS_AUTH_URL=https://FQDN:5000/v2.0
# keystone endpoint-delete Old_Endpoint_For_Keystone
Unable to delete endpoint.
# systemctl restart httpd
# source keystonerc_admin
# openstack project list
Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL.
SSL exception connecting to https://FQDN:5000/v2.0/tokens: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:765)
===============
Regards,
Kenn
_______________________________________________
OpenStack-operators mailing list
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators