OpenStack Identity (keystone)

keystone-manage pki_setup does not create pem files

Bug #1155361 reported by Mark Miller on 2013-03-14

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Medium	Jamie Lennox	OpenStack Identity (keystone) 2013.2 "havana"

Bug Description

Looks like there’s a bug in pki_setup. It didn’t generate the SSL certs, only the signing certs. Workaround is to make ssl using the signing certs for now.

[ssl]
enable = True
certfile = /etc/keystone/ssl/certs/signing_cert.pem
keyfile = /etc/keystone/ssl/private/signing_key.pem
ca_certs = /etc/keystone/ssl/certs/ca.pem
cert_required = False

Also, if your keystone process is not running as root, make sure the file perms for the pem files are set properly.

Guang

-----------

[ssl]
enable = True
#enable = False
certfile = /etc/keystone/ssl/certs/keystone.pem
keyfile = /etc/keystone/ssl/private/keystonekey.pem
ca_certs = /etc/keystone/ssl/certs/ca.pem
cert_required = False

Mark

Dolph Mathews (dolph) on 2013-03-19

Changed in keystone:
status:	New → Triaged
importance:	Undecided → Medium

Dolph Mathews (dolph) on 2013-03-19

summary:	- keystone-manage pki_setup does create keytone pem files + keystone-manage pki_setup does not create pem files
tags:	added: grizzly-rc-potential

Mark McLoughlin (markmc) on 2013-03-19

tags:

added: grizzly-backport-potential

Thierry Carrez (ttx) on 2013-04-02

tags:

removed: grizzly-rc-potential

Adam Young (ayoung) on 2013-04-04

Changed in keystone:
assignee:	nobody → Jamie Lennox (jamielennox)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-04-09: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/26436

Changed in keystone:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-04-12: Fix merged to keystone (master)

Reviewed: https://review.openstack.org/26436
Committed: http://github.com/openstack/keystone/commit/28ef9cdcc6073c2f6600d30b401dcbce81afd4df
Submitter: Jenkins
Branch: master

commit 28ef9cdcc6073c2f6600d30b401dcbce81afd4df
Author: Jamie Lennox <email address hidden>
Date: Thu Apr 4 17:44:01 2013 +1000

Generate HTTPS certificates with ssl_setup.

    Extracts common OpenSSL functionality from pki_setup and adds a new cli
    command ssl_setup which re-uses this base to generate SSL certificates
    for https.

Change-Id: Ia34827583bcdfbd871133250681010e642271f07
Fixes: bug 1155361

Changed in keystone:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2013-05-29

Changed in keystone:
milestone:	none → havana-1
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-10-17

Changed in keystone:
milestone:	havana-1 → 2013.2

Alan Pevec (apevec) on 2014-03-30

tags:

removed: grizzly-backport-potential

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.