SM: Keystone SSL Support
Bug #1689761 reported by
Ignatious Johnson Christopher
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R4.0 |
In Progress
|
High
|
Dheeraj Gautam | |||
Trunk |
In Progress
|
High
|
Dheeraj Gautam |
Bug Description
Need support in SM puppet manifest to enable SSL for keystone service.
Following additional settings are required in /etc/keystone/
to enable SSL for keystone from Mitaka and later.
[eventlet_
enable = True
certfile = /etc/contrailct
keyfile = /etc/contrailct
ca_certs = /etc/contrailct
Here server.pem, server-privkey.pem and ca-cert.pem are certs generated by SM for each nodes in the cluster.
Also
In /etc/neutron.conf file, following additional settings are required to enable neutron to validate certs of keystone before communicating to it.
[keystone_
cafile = /etc/contrailct
Changed in juniperopenstack: | |
assignee: | nobody → Abhay Joshi (abhayj) |
tags: | added: blocker provisioning server-manager |
tags: | removed: blocker |
information type: | Proprietary → Public |
To post a comment you must log in.
Release-notes:
Provisioning of SSL for Keystone is not supported using SM in R4.0.0.0