yahoo-eng-team team mailing list archive

[Sean Dague <sean@xxxxxxxxx>]

very old wishlist item

** Changed in: nova
       Status: Confirmed => Invalid

** Changed in: nova
     Assignee: Ilya Alekseyev (ilyaalekseyev) => (unassigned)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1198177

Title:
  Configuring SSL for Nova

Status in OpenStack Compute (Nova):
  Invalid

Bug description:
  Hi,
   
  Installed nova 2013.1.2 through Github.
   
  I've configured nova with keystone by following below steps.
   
  1)Configured keystone with SSL by the steps followed in the below link
   https://bugs.launchpad.net/keystone/+bug/1194001.
   
  2)Created HTTPS endpoints for NOVA with service_type NOVAHTTPS.
   
  3)Added below configurations in /etc/nova/nova.conf in [default].
   
   enabled_ssl_apis=['ec2', 'osapi_compute', 'metadata', 'quantum']
    ssl_ca_file=/root/certs/ca.crt (Certificate Authority)
    ssl_cert_file=/root/certs/server_cert_key.pem (server cert + server key)
    ssl_key_file="/root/certs/server.key (server key)
   
  4) In /etc/nova/nova.conf, if “auth_protocol” is mapped with http in [keystone_authtoken] section then comment it, by default it allows “https”.
   
   #auth_protocol = http
   
  5) Edited /etc/nova/api-paste.ini and added below lines in [filter:authtoken] section and comment “auth_protocol”.
   
   #auth_protocol = http
    certfile = /root/original/server_cert_key.pem (server cert + server key)
    keyfile = /root/original/server.key (server key)
   
   
  My Observations:
   
  1) There is no option of passing OS_CERT through novaclient.
  2) No Configuration flag for making use_ssl=True in the server side to allow ssl connections.

  Ref Link: https://answers.launchpad.net/nova/+question/231263

  
  Thanks,
  Sasikiran.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1198177/+subscriptions