1. get the key and certificates from /etc/apache2/ssl/nova/cert_nova.<domain> and /etc/apache2/ssl/nova/key_nova.<domain>
2. use the deprecated console-ssl- options:
juju config nova-cloud-controller \
console-ssl-cert="$(base64 cert_nova.<domain>)" \
console-ssl-key="$(base64 key_nova.<domain>)"
This will overwrite the nova.conf entries with the specified certificate and key:
[DEFAULT]
...
cert=/etc/nova/ssl/nova_cert.pem
key=/etc/nova/ssl/nova_key.pem
The internal / admin / public TLS endpoints will be still terminated by apache, so this change won't affect nova service rest interfaces, only the consoleauth will pick up the setting:
nova 1913397 0.0 0.0 296568 104316 ? Ss 12:44 0:03 /usr/bin/python3 /usr/bin/nova-consoleauth --config-file=/etc/nova/nova.conf --log-file=/var/log/nova/nova-consoleauth.log
A workaround for the issue:
1. get the key and certificates from /etc/apache2/ ssl/nova/ cert_nova. <domain> and /etc/apache2/ ssl/nova/ key_nova. <domain> controller \ ssl-cert= "$(base64 cert_nova. <domain> )" \ ssl-key= "$(base64 key_nova.<domain>)"
2. use the deprecated console-ssl- options:
juju config nova-cloud-
console-
console-
This will overwrite the nova.conf entries with the specified certificate and key: nova/ssl/ nova_cert. pem nova/ssl/ nova_key. pem
[DEFAULT]
...
cert=/etc/
key=/etc/
The internal / admin / public TLS endpoints will be still terminated by apache, so this change won't affect nova service rest interfaces, only the consoleauth will pick up the setting:
nova 1913397 0.0 0.0 296568 104316 ? Ss 12:44 0:03 /usr/bin/python3 /usr/bin/ nova-consoleaut h --config- file=/etc/ nova/nova. conf --log-file= /var/log/ nova/nova- consoleauth. log