Configure nova, cinder, glance, swift and neutron to use SSL on the endpoints using either SSL natively or via a TLS proxy using stud.

To enable SSL via proxy, in local.conf add:

    ENABLED_SERVICES+=,tls-proxy

This will create a new test root CA, a subordinate CA and an SSL server cert. It uses the value of hostname -f for the certificate subject. The CA certificates are also added to the system CA bundle.

To enable SSL natively, in local.conf add:

    USE_SSL=True

Native SSL by default will also use the devstack-generated root and subordinate CA. You can override this on a per-service basis by setting:

    <SERVICE>_SSL_CERT=/path/to/cert
    <SERVICE>_SSL_KEY=/path/to/key
    <SERVICE>_SSL_PATH=/path/to/ca

You should also set SERVICE_HOST to the FQDN of the host. This value defaults to the host IP address.

Change-Id: I36fe56c063ca921131ad98439bd452cb135916ac
Closes-Bug: 1328226
37 lines
1.1 KiB
<VirtualHost *:%PUBLICPORT%>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER% display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIApplicationGroup %{GLOBAL}
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/%APACHE_NAME%/keystone.log
    CustomLog /var/log/%APACHE_NAME%/keystone_access.log combined
</VirtualHost>

<VirtualHost *:%ADMINPORT%>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER% display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIApplicationGroup %{GLOBAL}
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/%APACHE_NAME%/keystone.log
    CustomLog /var/log/%APACHE_NAME%/keystone_access.log combined
</VirtualHost>

# Workaround for missing path on RHEL6, see
# https://bugzilla.redhat.com/show_bug.cgi?id=1121019
WSGISocketPrefix /var/run/%APACHE_NAME%
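
The commit message above describes a test root CA, a subordinate CA and a server certificate whose subject is the host FQDN, and recommends setting SERVICE_HOST to that FQDN. The script below is an added illustration using the openssl CLI, not devstack's own certificate code: it builds such a chain and shows that the certificate verifies for the FQDN but not for the host IP address. The file names, the sample FQDN and IP, and the use of a subjectAltName entry are assumptions of this example.

```shell
#!/bin/sh
# Added illustration (not devstack's code): root CA -> subordinate CA -> server cert.
# File names and the sample FQDN/IP below are constructed for this example.

# build_chain DIR FQDN: create the three-tier test PKI in DIR.
build_chain() {
    dir=$1; fqdn=$2
    # CA certificates must assert CA:TRUE; the server cert names the FQDN.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$dir/ca.ext"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$fqdn" > "$dir/srv.ext"
    for n in root sub srv; do
        case $n in
            root) subj="/CN=Test Root CA" ;;
            sub)  subj="/CN=Test Subordinate CA" ;;
            srv)  subj="/CN=$fqdn" ;;
        esac
        openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
            -keyout "$dir/$n.key" -out "$dir/$n.csr" 2>/dev/null
    done
    # Root signs itself, root signs the subordinate, subordinate signs the server.
    openssl x509 -req -in "$dir/root.csr" -signkey "$dir/root.key" \
        -extfile "$dir/ca.ext" -days 30 -out "$dir/root.crt" 2>/dev/null
    openssl x509 -req -in "$dir/sub.csr" -CA "$dir/root.crt" -CAkey "$dir/root.key" \
        -CAcreateserial -extfile "$dir/ca.ext" -days 30 -out "$dir/sub.crt" 2>/dev/null
    openssl x509 -req -in "$dir/srv.csr" -CA "$dir/sub.crt" -CAkey "$dir/sub.key" \
        -CAcreateserial -extfile "$dir/srv.ext" -days 30 -out "$dir/srv.crt" 2>/dev/null
}

# chain_ok DIR: does the server cert verify up to the root via the subordinate?
chain_ok() {
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/sub.crt" "$1/srv.crt" >/dev/null 2>&1
}

# name_ok DIR HOST: would a client connecting to HOST accept the server cert?
name_ok() {
    case $2 in
        *[!0-9.]*) opt=-checkhost ;;   # contains non-IPv4 characters: DNS name
        *)         opt=-checkip ;;     # dotted quad: IP address
    esac
    openssl x509 -in "$1/srv.crt" -noout "$opt" "$2" | grep -q 'does match'
}

demo=$(mktemp -d)
build_chain "$demo" devstack.example.test
chain_ok "$demo" && echo "chain verifies"
name_ok "$demo" devstack.example.test && echo "FQDN matches"
name_ok "$demo" 192.0.2.10 || echo "IP address does not match"
rm -rf "$demo"
```

A client that trusts only the root still needs the subordinate certificate presented alongside the server certificate, which is why `chain_ok` passes it with `-untrusted`.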