Update SSL configuration chapter with valid info.
Change-Id: I43e079e58a26a1d2d6435b28751f08d8c9ca44c5
@@ -200,8 +200,17 @@ port = 5672
|
|||||||
virtual_host = murano
|
virtual_host = murano
|
||||||
login = murano
|
login = murano
|
||||||
password = murano
|
password = murano
|
||||||
|
ssl = False
|
||||||
|
ca_certs =
|
||||||
|
|
||||||
|
[ssl]
|
||||||
|
cert_file = /path/to/certfile
|
||||||
|
key_file = /path/to/keyfile
|
||||||
|
ca_file = /path/to/cafile
|
||||||
|
|
||||||
]]>
|
]]>
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
<para> For more information how to configure SSL take a look at <link linkend="ssl"> SSL configuration chapter </link></para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Edit one more configuration file:</para>
|
<para>Edit one more configuration file:</para>
|
||||||
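Review bot: The added RabbitMQ lines show `ssl = False` with an empty `ca_certs =` directly under `login`/`password`, so a reader who copies the sample sends the broker credentials unencrypted. Since this commit is about SSL, consider showing `ssl = True` with a `ca_certs` path, or add a sentence saying when `False` is acceptable. The new `[ssl]` block uses `/path/to/...` placeholders while the HTTPS section further down uses `PATH`; pick one style. The added `<link linkend="ssl">` needs a target with that id, and none is visible in this patch (the only id added is `murano_api_endpoint`). The sentence itself should read "For more information on how to configure SSL, see the ...".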
@@ -245,6 +254,7 @@ signing_dir = /tmp/keystone-signing-muranoapi
|
|||||||
<para>Register murano-api service in Openstack
|
<para>Register murano-api service in Openstack
|
||||||
(note: you need to be authorized in Openstack to run this commands)
|
(note: you need to be authorized in Openstack to run this commands)
|
||||||
</para>
|
</para>
|
||||||
|
<anchor id="murano_api_endpoint"></anchor>
|
||||||
<programlisting>
|
<programlisting>
|
||||||
<![CDATA[
|
<![CDATA[
|
||||||
user@work:~/$ keystone service-create --name muranoapi --type murano --description "Murano-Api Service"
|
user@work:~/$ keystone service-create --name muranoapi --type murano --description "Murano-Api Service"
|
||||||
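Review bot: The new `<anchor id="murano_api_endpoint">` sits above a listing whose visible first command is `keystone service-create`, while the HTTPS section links here for changing `publicurl`. Make sure the anchor lands on the endpoint registration that takes `publicurl` (or that this listing includes it), so the cross-reference takes the reader to the argument they are told to edit. The patch uses `xlink:href` elsewhere, which suggests DocBook 5, where ids are written `xml:id`; putting `xml:id` on the `<programlisting>` or the preceding `<para>` would also avoid the empty anchor element.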
@@ -532,51 +542,50 @@ service murano-api start
|
|||||||
<section>
|
<section>
|
||||||
<title>HTTPS for Murano API</title>
|
<title>HTTPS for Murano API</title>
|
||||||
<para>
|
<para>
|
||||||
SSL for Murano API service
|
SSL for Murano API service can be configured in <emphasis>ssl</emphasis> section in
|
||||||
can be enabled in <emphasis>ssl</emphasis> section in
|
<emphasis>/etc/murano-api/murano-api.conf</emphasis>. Just point to a valid SSL certificate.
|
||||||
<emphasis>/etc/murano-api/murano-api.conf</emphasis>. The use of SSL is
|
See the example below:
|
||||||
automatically implemented by using a URL starting with HTTPS instead of HTTP.
|
|
||||||
SSL configuration example using the included sample certificates:
|
|
||||||
</para>
|
</para>
|
||||||
<programlisting>
|
<programlisting>
|
||||||
<![CDATA[
|
<![CDATA[
|
||||||
[ssl]
|
[ssl]
|
||||||
enable = True
|
cert_file = PATH
|
||||||
certfile = <path to keystone.pem>
|
key_file=PATH = PATH
|
||||||
keyfile = <path to keystone.pem>
|
ca_file=PATH
|
||||||
ca_certs = <path to ca.pem>
|
|
||||||
cert_required = True
|
|
||||||
]]>
|
]]>
|
||||||
</programlisting>
|
</programlisting>
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<emphasis>enable:</emphasis> True enables SSL. Defaults to False.
|
<emphasis>cert_file=PATH:</emphasis>
|
||||||
|
Path to the certificate file the server should use when binding to an SSL-wrapped socket.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<emphasis>certfile:</emphasis> Path to Keystone public certificate file.
|
<emphasis> key_file=PATH:</emphasis> Path to the private key file the server should
|
||||||
|
use when binding to an SSL-wrapped socket.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<emphasis>keyfile:</emphasis> Path to Keystone private certificate file.
|
<emphasis>ca_file=PATH:</emphasis>
|
||||||
If the private key is included in the certfile, the keyfile maybe omitted.
|
Path to the CA certificate file the server should use to validate
|
||||||
</para>
|
client certificates provided during an SSL handshake. This is
|
||||||
</listitem>
|
ignored if cert_file and "key_file" are not set.
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
<emphasis>ca_certs:</emphasis> Path to CA trust chain.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
<emphasis>cert_required:</emphasis>
|
|
||||||
Requires client certificate. Defaults to False.
|
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
<para>
|
||||||
|
The use of SSL is automatically started after point to HTTPS protocol instead of HTTP during registration Murano API service in endpoints
|
||||||
|
(Change publicurl argument to start with https://). See <link linkend='murano_api_endpoint'>here</link>
|
||||||
|
how to register Murano API in Openstack Keystone.
|
||||||
|
</para>
|
||||||
|
<simpara>
|
||||||
|
SSL for Murano API is implemented like in any other Openstack component.
|
||||||
|
This realization is based on ssl python module so more information about it can be found
|
||||||
|
<link xlink:href="http://docs.python.org/2/library/ssl.html"> here.</link>
|
||||||
|
</simpara>
|
||||||
</section>
|
</section>
|
||||||
<section>
|
<section>
|
||||||
<title>SSL for RabbitMQ</title>
|
<title>SSL for RabbitMQ</title>
|
||||||
|
|||||||
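Review bot: In the new `[ssl]` example, `key_file=PATH = PATH` is malformed and `ca_file=PATH` is formatted differently from `cert_file = PATH`; write all three as `name = PATH`. The old text documented `enable` and `cert_required`, and the new text drops both without saying what now turns SSL on or whether a client certificate is mandatory once `ca_file` is set. The closing paragraph ties SSL to the `publicurl` scheme, which only describes how clients reach the endpoint, so state explicitly that the server serves HTTPS when `cert_file` and `key_file` are set, if that is the behaviour. Smaller points: the `ca_file` item quotes "key_file" but not cert_file, `<emphasis> key_file=PATH:</emphasis>` has a leading space, "after point to HTTPS" and "This realization" need rewording, and the link text "here." should name its target.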