Ask Your Question
0

which is correct ssl section for kilo version

asked 2015-05-29 08:06:26 -0500

deeghuge gravatar image

Hello, After updating the [ssl] section, there was following warning in logs.

2015-05-29 18:28:21.030 17187 WARNING oslo_config.cfg [-] Option "ca_certs" from group "ssl" is deprecated. Use option "ca_certs" from group "eventlet_server_ssl".
2015-05-29 18:28:21.031 17187 WARNING oslo_config.cfg [-] Option "ca_certs" from group "eventlet_server_ssl" is deprecated for removal.  Its value may be silently ignored in the future.
2015-05-29 18:28:21.031 17187 WARNING oslo_config.cfg [-] Option "certfile" from group "ssl" is deprecated. Use option "certfile" from group "eventlet_server_ssl".
2015-05-29 18:28:21.031 17187 WARNING oslo_config.cfg [-] Option "certfile" from group "eventlet_server_ssl" is deprecated for removal.  Its value may be silently ignored in the future.
2015-05-29 18:28:21.032 17187 WARNING oslo_config.cfg [-] Option "keyfile" from group "ssl" is deprecated. Use option "keyfile" from group "eventlet_server_ssl".
2015-05-29 18:28:21.032 17187 WARNING oslo_config.cfg [-] Option "keyfile" from group "eventlet_server_ssl" is deprecated for removal.  Its value may be silently ignored in the future.

As the warning says update the section [eventlet_server_ssl] for ssl, I updated same but it also giving following warning.

2015-05-29 18:25:41.046 13604 WARNING oslo_config.cfg [-] Option "certfile" from group "eventlet_server_ssl" is deprecated for removal.  Its value may be silently ignored in the future.
2015-05-29 18:25:41.047 13604 WARNING oslo_config.cfg [-] Option "keyfile" from group "eventlet_server_ssl" is deprecated for removal.  Its value may be silently ignored in the future.
2015-05-29 18:25:41.048 13604 WARNING oslo_config.cfg [-] Option "ca_certs" from group "eventlet_server_ssl" is deprecated for removal.  Its value may be silently ignored in the future.

Which is the correct section to update for ssl ? [ssl] or [eventlet_server_ssl] ?

And is there any way to disable these warning ?

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
0

answered 2015-05-29 10:12:04 -0500

Running under eventlet is depreacted. Run under apache and configure SSL in apache.

edit flag offensive delete link more

Comments

Yes, It is the ultimate solution. But just wanted to know what is the correct section for ssl in eventlet configuration.

deeghuge gravatar imagedeeghuge ( 2015-05-29 13:15:40 -0500 )edit
0

answered 2015-07-10 15:14:47 -0500

Stephanie Fuller gravatar image

I think it is the [signing] section. See http://docs.openstack.org/admin-guide...

The [ssl] section also looks enticing, but I think that is also deprecated along with eventlet_server... See http://docs.openstack.org/kilo/config... the 4th link in the Contents.

edit flag offensive delete link more

Comments

I don't think it is correct. signing section is for PKI certificates. If you still want to use eventlet with ssl, you need to use ssl section

Haneef Ali gravatar imageHaneef Ali ( 2015-07-13 13:51:34 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-05-29 08:06:26 -0500

Seen: 187 times

Last updated: Jul 10 '15