[Solved] keystone ssl port closed...Why?
hi people, on my enviroment (centos7, openstack modular installation of Juno)i have installed keystone to run behind the httpd server(with https enabled)!
At the moment, if i try to contact a keystone endpoint i recive an conncection error,
keystone endpoint-list
Authorization Failed: Unable to establish connection to http://controller:35357/v2.0/tokens
If i try to scanning the keystone's ports(public/admin) by nmap i obtain that both are closed
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00011s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT STATE SERVICE
5000/tcp closed upnp
35357/tcp closed unknown
443/tcp open https
the firewall service is not used, why i'm in this situation?
Furthermore, about the keystone's endpoint, how can l change the url? Manually from db change http:// to https:// o there is a better way?
Thanks to everyone
_____________UPDATE_____________
To keystone's endpoint (only keystone's endpoint) i set it in mysql at keystone db:
UPDATE endpoint SET url = REPLACE (url, 'http','https') where legacy_endpoint_id= "KEYSTONE_ID"
In the keystone.conf i've set
[ssl]
enable = True
certfile = /etc/keystone/ssl/cert/keystone.pem
keyfile = /etc/keystone/ssl/private/keystonekey.pem
ca_certs = /etc/keystone/ssl/cert/ca.pem
cert_required = True
like as doc http://docs.openstack.org/admin-guide...
The service keystone is down, and if i try to restart it, i have this error, but /var/log/keystone.log is empty...
(to enlarge the picture right click and view the image)
Why? :(