Hi Yang, There are different ways of doing this:
1) configure nova/glance/neutron/cinder to "speak" SSL, this should be covered by the official documentation 2) run nova/glance/neutron/cinder as wsgi application behind apache, and let apache "speak" SSL 3) run nova/glance/neutron/cinder behind a load-balancer which is also doing SSL termination. We chose option 3), but there are a few issues. Specifically, nova, glance and cinder will always reply with the wrong url schema (http instead of https), regardless of what you put on the endpoint. For nova, there is a patch not yet merged in kilo: https://bugs.launchpad.net/glance/+bug/1384379 For glance and cinder, we solved adding a "middleware" in the wsgi pipeline, responsible for converting "http" to "https" whenever it's needed Some useful links: https://bugs.launchpad.net/glance/+bug/1384379 https://gist.github.com/invsblduck/55923d81b175ba4168c1 https://github.com/rcbops-cookbooks/openstack-ssl/wiki/OpenStack-SSL-Reverse-Proxy-Findings .a. On Thu, Aug 6, 2015 at 12:17 AM, YANG LI <[email protected]> wrote: > Is there a documentation on how to configure SSL on glance, nova and neutron > API? we did get keystone done ,but had hard time to find document on how to > do this on other services. > > Thanks, > Yang > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : [email protected] > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -- [email protected] [email protected] +41 (0)44 635 42 22 S3IT: Service and Support for Science IT http://www.s3it.uzh.ch/ University of Zurich Winterthurerstrasse 190 CH-8057 Zurich Switzerland _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
