SSL enabled haproxy causes services to fail

asked 2015-12-14 11:03:15 -0500

Hello all. This is my first post here, lets see how it goes :)

I am running Juno, multinode. Everything works fine, and now need to SSL enable my haproxy, and terminate SSL at the proxy. Have only SSL enabled the keystone component, just to keep it simple... I thought. Changed endpoint to https, changed all relevant configuration items in control nodes, nova-api/glance/cinder etc...

Keystone endpoint-list and other keystone commands work fine. But glance image-list or nova cmd's all fail. They are able to connect to keystone and get a token, but after that everything else fails. The keystone logs say:

DEBUG keystone.middleware.core [-] Auth token not in the request header. Will not build auth context. Process_request /usr/lib/pything/etc......

A glance image-list command would yield a:

Request returned failure status 401. Invalid OpenStack Identity credentials.

A nova list command would yield a: ERROR (Unauthorized): Unauthorized (HTTP 401) (Request-ID: req-a83d0-xxxxxxxxxxxxx)

All non keystone commands fail, and the keystone logs produce the same errors as shown above. It would seem to me that the token/UUID isn't being sent back with the actual command to glance-api. I can see this with the debug flag. Has anyone seen this type of error before?

Thanks in advance for any wisdom

Cheers!

edit retag flag offensive close merge delete