Ask Your Question
3

How to specify https configuration for Heat?

asked 2014-03-05 10:22:43 -0500

Eufemia gravatar image

updated 2014-03-06 17:23:40 -0500

smaffulli gravatar image

I have a problem in the heat configuration for https protocol. In particular, in my current deploy environment, all the openstack services are reachable by means of security certificates. As a consequence, I have set "ca-file" variables in heat.conf and api-paste.ini files but Heat seems to not read them. In fact, when I run the command heat --ca-file XXX stack-create name --template=ect, I receive the following error: ERROR: Authorization Failed: <attribute 'message' of 'exceptions.BaseException' objects> (HTTP Unable to establish connection to https://havana.cloud:35357/v2.0/tokens)

Can you please help me?

edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted
0

answered 2015-02-12 19:45:36 -0500

xu-haiwei gravatar image

I am not very about this, but when I looked up into heat.conf and nova.conf, the variable is "cafile", not "ca-file", is this the matter?

edit flag offensive delete link more
0

answered 2015-02-13 05:15:29 -0500

You have to configure in heat.conf under [ssl] group:

[ssl]
cert_file=/etc/nova/ssl/certs/mydomain.com.crt
key_file=/etc/nova/ssl/private/mydomain.com.pem

where cert_file is your cert file and key_file is your private key.

Salvo.

edit flag offensive delete link more
0

answered 2015-02-12 23:56:37 -0500

1-Cloud gravatar image

updated 2015-02-13 05:55:38 -0500

--ca-file OS_CACERT is DEPRECATED!

Use --os-cacert.

To enable SSL with client authentication, modify the [ssl] section in the etc/keystone.conf file. The following SSL configuration example uses the included sample certificates:

[ssl] enable = True certfile = <path to="" keystone.pem=""> keyfile = <path to="" keystonekey.pem=""> ca_certs = <path to="" ca.pem=""> cert_required = True

enable. True enables SSL. Default is False.

certfile. Path to the Identity Service public certificate file.

keyfile. Path to the Identity Service private certificate file. If you include the private key in the certfile, you can omit the keyfile.

ca_certs. Path to the CA trust chain.

cert_required. Requires client certificate. Default is False.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2014-03-05 10:22:43 -0500

Seen: 1,524 times

Last updated: Feb 13 '15