Adding Self-Signed Certificate for Heat and Cinder API Service Endpoints

Configuring Self-Signed Certificate for Heat API Service endpoints 

  • Update /etc/heat/heat.conf 

    [DEFAULT]
    heat_metadata_server_url = https://controller:8000
    heat_waitcondition_server_url = https://controller:8000/v1/waitcondition

    [clients_keystone]
    auth_uri = https://controller:35357
    cert_file = /etc/ssl/client.pem
    key_file = /etc/ssl/client-key.pem
    insecure = true

    [ec2authtoken]
    auth_uri = https://controller:5000/v3
    cert_file = /etc/ssl/client.pem
    key_file = /etc/ssl/client-key.pem
    insecure = true

    [heat_api]
    cert_file = /etc/ssl/client.pem
    key_file = /etc/ssl/client-key.pem

    [keystone_authtoken]
    auth_uri = https://controller:5000
    auth_url = https://controller:35357
    certfile = /etc/ssl/client.pem
    keyfile = /etc/ssl/client-key.pem
    insecure = true

    [trustee]
    auth_url = https://controller:35357

  • After this, change the endpoint URLs from http to https in the database, or recreate the endpoints with https URLs. Then populate the keystone database with the command su -s /bin/sh -c "keystone-manage db_sync" keystone and restart the Heat services.
  • Check the configuration with the command openstack orchestration service list --insecure
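
An added example, not part of the original post: `insecure = true` in the sections above makes the service skip verification of the server certificate, so auditing the file for it is a useful follow-up check. The script flags that setting, sections with no CA file, and endpoint URLs left on plain http; the function name `audit_tls`, the sample config, the `cafile`/`ca_file` options and the path /etc/ssl/ca.pem are assumptions that do not appear in the post.

```python
import configparser

# Constructed sample: a subset of the heat.conf above, plus one leftover
# http:// URL and one section that trusts the certificate through a CA file.
SAMPLE_CONF = """\
[DEFAULT]
heat_metadata_server_url = https://controller:8000
heat_waitcondition_server_url = http://controller:8000/v1/waitcondition
[clients_keystone]
auth_uri = https://controller:35357
cert_file = /etc/ssl/client.pem
insecure = true
[keystone_authtoken]
auth_url = https://controller:35357
cafile = /etc/ssl/ca.pem
insecure = false
"""

TRUE_VALUES = {"1", "true", "yes", "on"}
CA_OPTIONS = ("cafile", "ca_file")  # CA bundle options; not used in the post


def audit_tls(conf_text):
    """Return (section, option, problem) tuples for weak TLS client settings."""
    # default_section is renamed so [DEFAULT] is read as an ordinary section
    # and its URLs are not inherited by (and re-reported for) every section.
    parser = configparser.RawConfigParser(default_section="__unused__", strict=False)
    parser.read_string(conf_text)
    findings = []
    for section in parser.sections():
        opts = dict(parser.items(section))
        for name, value in opts.items():
            if name.endswith(("_url", "_uri")) and value.lower().startswith("http://"):
                findings.append((section, name, "endpoint still uses plain http"))
        if opts.get("insecure", "false").strip().lower() in TRUE_VALUES:
            findings.append((section, "insecure", "server certificate is not verified"))
            if not any(opts.get(ca) for ca in CA_OPTIONS):
                findings.append((section, "cafile", "no CA file set to trust the certificate"))
    return findings


if __name__ == "__main__":
    for section, option, problem in audit_tls(SAMPLE_CONF):
        print(f"[{section}] {option}: {problem}")
```

To audit a real file, pass its contents, for example `audit_tls(open("/etc/heat/heat.conf").read())`.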

Configuring Self-Signed Certificate for Cinder API Service endpoints 

  • Update /etc/cinder/cinder.conf 

    [keystone_authtoken]
    cert = /etc/apache2/ssl/client.pem
    key = /etc/apache2/ssl/apache-key.pem
    insecure = true

  • Update /etc/nova/nova.conf 

    [cinder]
    certfile = /etc/apache2/ssl/client.pem
    keyfile = /etc/apache2/ssl/apache-key.pem
    insecure = true

  • Update /etc/apache2/conf-enabled/cinder-wsgi.conf
  • The file cinder-wsgi.conf is located in /etc/apache2/conf-enabled/ and is used to configure the self-signed certificate for the Cinder API service endpoints.
  • Add client.pem and client-key.pem inside <VirtualHost *:8776>
  • After this, change the endpoint URLs from http to https in the database, or recreate the endpoints with https URLs. Then populate the keystone database with the command su -s /bin/sh -c "keystone-manage db_sync" keystone and restart the Cinder services.
  • Check the configuration with the command openstack volume service list --insecure

In the next post we will see how to configure a self-signed certificate for Horizon (Dashboard Service).
