Hi, Daniel,

thanks a lot for the help on this. The problem with the ssl proxy was that I was missing an extra / at the end of the ssl_server directive. So one needs

:ssl_server: https://cloud.opennebula.org/

rather than

:ssl_server: https://cloud.opennebula.org

else I get authentication errors. However, this is not the end of the story I'm afraid. With this patch in place I can query the system, but it's very very slow. My most important user has some 500 VMs in the system, and a
euca-describe-instances
times out or gives expat parse errors. If I query the system locally it works fine and is very responsive. This problem is new in 3.2.1; I didn't have this in 3.0, which I was using before. I already checked that I have all the rubygems installed which are needed.

Any idea?

Thanks!
Ulrich



On 02/02/2012 11:40 PM, Daniel Molina wrote:
Hi Ulrich,

We have added a new patch in order to support custom paths and ports
when setting up an SSL proxy on top of the econe-server. You can see
this patch in the following link:

http://dev.opennebula.org/issues/985

This patch has been included in the last release (3.2.1). I recommend
you to upgrade to this version. Also the performance should be
improved since we have included a new authentication cache.

Currently the econe-server is running in our public cloud with an SSL
proxy, using the following configuration:

$ cat econe.conf
# Host and port where econe server will run
:server: localhost
:port: 7141

# SSL proxy that serves the API (set if it is being used)
:ssl_server: https://cloud.opennebula.org/econe

# Authentication driver for incoming requests
#   ec2, default Access key and Secret key scheme
#   x509, for x509 certificates based authentication
:auth: ec2

# Authentication driver to communicate with OpenNebula core
#   cipher, for symmetric cipher encryption of tokens
#   x509, for x509 certificate encryption of tokens
:core_auth: cipher

$ cat apache2.conf
<VirtualHost *:443>
         servername cloud.opennebula.org
         SSLEngine on
         ProxyPass        /econe http://localhost:7141/
         ProxyPassReverse /econe http://localhost:7141/
</VirtualHost>

If you use a path different from '/' the client must support this
feature, otherwise the authentication will fail. The econe tools
included in the 3.2.1 release support custom paths.

Also, if you want the proxy to listen on a different port from the
default (443) you can specify it in the ssl_parameter:
:ssl_server: https://cloud.opennebula.org:8082/

Hope this helps

On 2 February 2012 22:45, Ulrich Schwickerath
<[email protected]>  wrote:
Hi,

did anybody try to setup the ONE 3.2 econe-server with an SSL proxy ? The
instructions on the web on this seem to be a bit out of date.
I had it working fine with 3.0 but with 3.2 I get authentication errors (the
ssl proxy setup is unchanged since 3.0). Direct access via http works
(although slower than before).

Cheers,
Ulrich


_______________________________________________
Users mailing list
[email protected]
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org




--
--------------------------------------
Dr. Ulrich Schwickerath
CERN IT/PES-PS
1211 Geneva 23
e-mail: [email protected]
phone:   +41 22 767 9576
mobile:  +41 76 487 5602
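
Why the trailing slash in :ssl_server: can decide whether authentication succeeds, as an added example that is not part of the thread and not OpenNebula code. It assumes the ec2 scheme checks an AWS Signature Version 2 style HMAC and that the server takes the signed host, port and path from :ssl_server:; the helper names, key and request parameters are constructed.

```ruby
require 'openssl'
require 'uri'

# RFC 3986 percent-encoding, as Signature Version 2 requires.
def escape(value)
  value.to_s.gsub(/[^A-Za-z0-9\-_.~]/) { |c| c.bytes.map { |b| format('%%%02X', b) }.join }
end

# String-to-sign: method, host[:port], path and sorted query, newline-separated.
def canonical_string(method, host, path, params)
  query = params.sort.map { |k, v| "#{escape(k)}=#{escape(v)}" }.join('&')
  [method.upcase, host.downcase, path, query].join("\n")
end

# Assumption: host, port and path used for verification come from :ssl_server:.
def endpoint(ssl_server)
  uri = URI.parse(ssl_server)
  host = uri.port == uri.default_port ? uri.host : "#{uri.host}:#{uri.port}"
  [host, uri.path]
end

def signature(secret, method, ssl_server, params)
  host, path = endpoint(ssl_server)
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), secret,
                             canonical_string(method, host, path, params))
  [mac].pack('m0') # Base64 without line breaks
end

# Constructed sample request; access key and secret are placeholders.
SAMPLE_SECRET = 'constructed-secret'
SAMPLE_PARAMS = {
  'Action' => 'DescribeInstances',
  'AWSAccessKeyId' => 'constructed-user',
  'SignatureMethod' => 'HmacSHA256',
  'SignatureVersion' => '2',
  'Timestamp' => '2012-02-03T10:00:00Z',
  'Version' => '2010-08-31'
}.freeze

if __FILE__ == $PROGRAM_NAME
  # The four :ssl_server: values that appear in the thread.
  ['https://cloud.opennebula.org', 'https://cloud.opennebula.org/',
   'https://cloud.opennebula.org/econe', 'https://cloud.opennebula.org:8082/'].each do |cfg|
    sig = signature(SAMPLE_SECRET, 'GET', cfg, SAMPLE_PARAMS)
    puts format('%-36s path=%-9p %s', cfg, endpoint(cfg)[1], sig)
  end
end
```

Without the trailing slash the parsed path is the empty string, while a client talking to the same host signs "/", so the two sides compute different HMACs over otherwise identical requests.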
