Hi, all

I have a Mitaka environment created by packstack, and I tried to configure Keystone to use SSL, but failed. Can anyone help me?
# Keystone is a WSGI service now.


The configuration steps are as follows:
===============
# keystone-manage ssl_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone:keystone /etc/keystone/ssl
# keystone endpoint-create --service keystone --region RegionOne --publicurl https://{FQDN}:5000/v2.0 --internalurl https://{FQDN}:5000/v2.0 --adminurl https://{FQDN}:35357/v2.0
# cat /etc/keystone/keystone.conf
  ... ...
  [ssl]
  enable=True
  certfile = /etc/keystone/ssl/certs/keystone.pem
  keyfile = /etc/keystone/ssl/private/keystonekey.pem
  ca_certs = /etc/keystone/ssl/certs/ca.pem
  ca_key = /etc/keystone/ssl/private/cakey.pem

# cat keystonerc_admin
... ...
export OS_AUTH_URL=https://FQDN:5000/v2.0


# keystone endpoint-delete Old_Endpoint_For_Keystone
Unable to delete endpoint.


# systemctl restart httpd
# source keystonerc_admin

# openstack project list
Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL. SSL exception connecting to https://FQDN:5000/v2.0/tokens: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:765)
===============

Regards,
Kenn


_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
