Ask Your Question
0

how to enable SSL for dashboard (icehouse and trusty)?

asked 2014-05-20 08:20:44 -0500

Daniel P gravatar image

updated 2014-05-21 02:31:18 -0500

Hi,

I'm hitting some problems trying to enable HTTPS with Icehouse on Ubuntu Trusty. After following the instructions in the Configuration Reference here, and changing some minor things such as certificate paths, ServerName, etc.

Starting with the apache error.log:

On apache startup, I'm seeing this (I don't think this is a problem, but I've included it anyway):

[Tue May 20 11:41:26.855976 2014] [ssl:warn] [pid 3659:tid 140146600081280] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 20 11:41:26.858930 2014] [mpm_event:notice] [pid 3659:tid 140146600081280] AH00489: Apache/2.4.7 (Ubuntu) OpenSSL/1.0.1f mod_wsgi/3.4 Python/2.7.6 configured -- resuming normal operations

And when attempting to browse to the website, the browser gives me 'Internal Server Error' and in the error.log:

[Tue May 20 11:43:57.473929 2014] [:error] [pid 3666:tid 140146393478912] [client 2001:6b0:e:4a46:f183:4121:6a38:f18b:46843] mod_wsgi (pid=3666): Exception occurred processing WSGI script '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi'.
[Tue May 20 11:43:57.474026 2014] [:error] [pid 3666:tid 140146393478912] [client 2001:6b0:e:4a46:f183:4121:6a38:f18b:46843] Traceback (most recent call last):
[Tue May 20 11:43:57.474070 2014] [:error] [pid 3666:tid 140146393478912] [client 2001:6b0:e:4a46:f183:4121:6a38:f18b:46843]   File "/usr/lib/python2.7/dist-packages/django/core/handlers/wsgi.py", line 187, in __call__
[Tue May 20 11:43:57.484104 2014] [:error] [pid 3666:tid 140146393478912] [client 2001:6b0:e:4a46:f183:4121:6a38:f18b:46843]     self.load_middleware()
[Tue May 20 11:43:57.484137 2014] [:error] [pid 3666:tid 140146393478912] [client 2001:6b0:e:4a46:f183:4121:6a38:f18b:46843]   File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 44, in load_middleware
[Tue May 20 11:43:57.484659 2014] [:error] [pid 3666:tid 140146393478912] [client 2001:6b0:e:4a46:f183:4121:6a38:f18b:46843]     for middleware_path in settings.MIDDLEWARE_CLASSES:
[Tue May 20 11:43:57.484685 2014] [:error] [pid 3666:tid 140146393478912] [client 2001:6b0:e:4a46:f183:4121:6a38:f18b:46843]   File "/usr/lib/python2.7/dist-packages/django/conf/__init__.py", line 54, in __getattr__
[Tue May 20 11:43:57.491903 2014] [:error] [pid 3666:tid 140146393478912] [client 2001:6b0:e:4a46:f183:4121:6a38:f18b:46843]     self._setup(name)
[Tue May 20 11:43:57.491939 2014] [:error] [pid 3666:tid 140146393478912] [client 2001:6b0:e:4a46:f183:4121:6a38:f18b:46843]   File "/usr/lib/python2.7/dist-packages/django/conf/__init__.py", line 49, in _setup
[Tue May 20 11:43:57.491971 2014] [:error] [pid 3666:tid 140146393478912] [client 2001:6b0:e:4a46:f183:4121:6a38:f18b:46843]     self._wrapped = Settings(settings_module)
[Tue May 20 11:43:57.491986 2014] [:error] [pid 3666:tid 140146393478912] [client 2001:6b0:e:4a46:f183:4121:6a38:f18b:46843]   File "/usr/lib/python2.7/dist-packages/django/conf/__init__.py", line 128, in ...
(more)
edit retag flag offensive close merge delete

Comments

can you post logs?

SGPJ gravatar imageSGPJ ( 2014-05-20 11:25:23 -0500 )edit

Sure. I've edited the question to include the complete traceback from the apache error.log. Are there any other relevant openstack logs I can include? I don't see any log files for 'horizon' or 'dashboard'.

Daniel P gravatar imageDaniel P ( 2014-05-21 02:32:15 -0500 )edit
add a comment

2 answers

Sort by ยป oldest newest most voted
0

answered 2014-05-23 04:46:27 -0500

Daniel P gravatar image

Found a solution. When I compared the contents of the installed openstack-dashboard.conf file against the example in the Configuration Reference Manual I noticed there were some discrepancies, notably in the first few lines, and some other places. I basically just merged the original content into the Configuration Reference example, and HTTPS is working fine now. In case it's useful to others, the working conf file is here. (I initially tried putting the conf file inline in my answer here, but the editor went crazy with all the HTML tags).

edit flag offensive delete link more

Comments

I wrote up a doc bug for this, so if this affects you, please indicate on the bug here so that the documentation can be updated.

Daniel P gravatar imageDaniel P ( 2014-05-23 04:51:14 -0500 )edit
add a comment
1

answered 2014-05-21 07:23:47 -0500

jpichon gravatar image

For the Internal Server Error, the log file indicates a permission issue when trying to create /var/lib/openstack-dashboard/secret_key, you may want to make sure the Apache user is allowed to write there.

edit flag offensive delete link more

Comments

the directory /var/lib/openstack-dashboard permissions are horizon:horizon 700. There is a 'secret_key' file inside, also horizon:horizon 700. I'm on Ubuntu Trusty, so the apache user:group is www-data:www-data. I would assume these are locked down to just the horizon user for a reason? ...

Daniel P gravatar imageDaniel P ( 2014-05-21 08:04:49 -0500 )edit

The Installation Guide > Add the Dashboard: "Because Apache does not serve content from a root user, users must run the dashboard as an Identity Service user with sudo privileges." I haven't taken any manual steps to make this happen. So should I give horizon sudo privileges? On the right track?

Daniel P gravatar imageDaniel P ( 2014-05-21 08:08:24 -0500 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-05-20 08:20:44 -0500

Seen: 658 times

Last updated: May 23 '14

Related questions

How to setup Keystone with Https

How to specify https configuration for Heat?

Adding ssl to keystone API

Openstack Icehouse single-node deployment.

icehouse - lbaas with citrix netscaler

Creating Sahara cluster: Error attach volume to instance [closed]

Testing Juno inside Icehouse

SSL Traffic from network node to VM

keystone ssl certificate expires after one year

how to get ubuntu desktop in vm