Hi, all

I have a mitaka environment created by packstack, and i tried to configure the keystone to use ssl, but failed, can anyone help me?
# keystone is a wsgi service now.

Configure steps are as following:
# keystone-manage ssl_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone:keystone /etc/keystone/ssl
# keystone endpoint-create --service keystone --region RegionOne --publicurlhttps://{FQDN}:5000/v2.0 <https://%7BkeystoneHost%7D:5000/v2.0> --internalurlhttps://{FQDN}:5000/v2.0 <https://%7BkeystoneHost%7D:35357/v2.0> --adminurlhttps://{FQDN}:35357/v2.0 <https://%7BkeystoneHost%7D:35357/v2.0>
# cat /etc/keystone/keystone.conf
  ... ...
  certfile = /etc/keystone/ssl/certs/keystone.pem
  keyfile = /etc/keystone/ssl/private/keystonekey.pem
  ca_certs = /etc/keystone/ssl/certs/ca.pem
  ca_key = /etc/keystone/ssl/private/cakey.pem

# cat keystonerc_admin
... ...
export OS_AUTH_URL=https://FQDN:5000/v2.0

# keystone endpoint-delete Old_Endpoint_For_Keystone
Unable to delete endpoint.

# systemctl restart httpd
# source keystonerc_admin

# openstack project list
Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL. SSL exception connecting to https://FQDN:5000/v2.0/tokens: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:765)


OpenStack-operators mailing list

Reply via email to