devstack

  1. Bug #1328226
  2. Comment #4

Comment 4 for bug 1328226

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to devstack (master)

Reviewed: https://review.openstack.org/98854
Committed: https://git.openstack.org/cgit/openstack-dev/devstack/commit/?id=18d4778cf7bffa60eb2e996a13c129c64f83575f
Submitter: Jenkins
Branch: master

commit 18d4778cf7bffa60eb2e996a13c129c64f83575f
Author: Rob Crittenden <email address hidden>
Date: Wed Mar 19 17:47:42 2014 -0400

    Configure endpoints to use SSL natively or via proxy

    Configure nova, cinder, glance, swift and neutron to use SSL
    on the endpoints using either SSL natively or via a TLS proxy
    using stud.

    To enable SSL via proxy, in local.conf add

    ENABLED_SERVICES+=,tls-proxy

    This will create a new test root CA, a subordinate CA and an SSL
    server cert. It uses the value of hostname -f for the certificate
    subject. The CA certicates are also added to the system CA bundle.

    To enable SSL natively, in local.conf add:

    USE_SSL=True

    Native SSL by default will also use the devstack-generate root and
    subordinate CA.

    You can override this on a per-service basis by setting

    <SERVICE>_SSL_CERT=/path/to/cert
    <SERVICE>_SSL_KEY=/path/to/key
    <SERVICE>_SSL_PATH=/path/to/ca

    You should also set SERVICE_HOST to the FQDN of the host. This
    value defaults to the host IP address.

    Change-Id: I36fe56c063ca921131ad98439bd452cb135916ac
    Closes-Bug: 1328226