OK, So If I want something on stable on Havana then I need to go through the HTTPD/mod_wsgi ? Isn't it.
I also see lots of things around TripleO but don't have much idea. Things like TripleO, Tuskar .http://openstack.redhat.com/Deploying_RDO_using_Tuskar_and_TripleO Though not sure, what all this is doing. Devendra On Tue, Apr 15, 2014 at 3:48 AM, Miller, Mark M (EB SW Cloud - R&D - Corvallis) <[email protected]> wrote: > I am just learning myself and it is aimed at Icehouse, not Havana. > > http://docs.openstack.org/developer/tripleo-incubator/devtest.html > > Mark > > > -----Original Message----- > From: Devendra Gupta [mailto:[email protected]] > Sent: Monday, April 14, 2014 3:14 PM > To: Miller, Mark M (EB SW Cloud - R&D - Corvallis) > Cc: [email protected]; [email protected] > Subject: Re: Enabling SSL For The OpenStack API using HTTPD and mod_wsgi > > Thanks Mark, TripleO seems good. I just came to know about it from you so > doing google around it. Do you see some known/trusted doc to configure it > with OpenStack. I am willing to proceed with it on Havana. > > - Devendra > > On Tue, Apr 15, 2014 at 3:26 AM, Miller, Mark M (EB SW Cloud - R&D - > Corvallis) <[email protected]> wrote: >> Devendra, >> >> We are now using an SSL terminator solution instead of attempting to turn >> SSL on all of the OpenStack services. I have not attempted to turn SSL on >> Havana nor Icehouse builds, but the Grizzly base was pretty flakey . Right >> now the TripleO work is using the "stunnel" proxy server in front of all >> OpenStack services to terminate SSL. You can then proxy the incoming HTTPS >> request onto the local 127.0.0.1/8 bus which is inaccessible from outside >> your server. It also isolates the SSL terminator from the OpenStack service >> processes. >> >> Mark >> >> -----Original Message----- >> From: Devendra Gupta [mailto:[email protected]] >> Sent: Monday, April 14, 2014 2:30 PM >> To: Miller, Mark M (EB SW Cloud - R&D - Corvallis); [email protected] >> Cc: [email protected] >> Subject: Enabling SSL For The OpenStack API using HTTPD and mod_wsgi >> >> Hi, >> >> I want to enable SSL for all the OpenStack APIs and test it but I couldn't >> find detailed doc on docs.openstack.org. Does anyone have some notes on how >> to set this up ? >> >> I did good search around it on Google and OpenStack/RDO mailing list, I >> found lots of different paths but most of them were limited to Keystone only >> using 'keystone-manage ssl_setup'. I also found following nice blog which >> have 6 posts for setting up the SSL for all the components using Apache2 and >> mod_wsgi. >> >> http://andymc-stack.co.uk/2013/06/apache2-mod_wsgi-openstack-pt1-keyst >> one/ >> >> I want to go through this doc to do a complete setup but before that I >> wanted to take few inputs about my environment: >> >> 1. I have OpenStack RDO Havana running on Single CentOS 6 VM. Is it fine to >> try the steps on OpenStack RDO/Havana setup ? Or I need to have OpenStack >> setup on Ubuntu/Grizzly ? >> >> 2. Since all the OpenStack components are running on the same host, I >> guess I need to add VHost entries for all the APIs (mentioned in all 6 >> docs) in the /etc/httpd/conf/http.conf. Please help me if someone have a >> sample file VHost file with sites created for some/all components. >> >> 3. Can I have single set of self signed certificate path for all the >> Virtual Host entries as all APIs are running on the single VM. >> SSLCertificateFile /location/of/server.pem >> SSLCertificateKeyFile /location/of/server.key >> >> Another thing, the ketstone configuration part in this blog is having >> reference to the github page (http://goo.gl/ZIhcn2) for configuring Keystone >> with SSL but I find that doc little difficult to understand as there is no >> details of configuring virtual hosts so can I skip the github doc and >> proceed with the same blog. >> >> Regards, >> Devendra Gupta _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
