- Environment
– Operating system: Ubuntu 20.04 LTS
– OpenStack version: victoria
– Changing a deployment that is running on http to https.
- Procedure
– Enable SSL in Apache
# a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
systemctl restart apache2
# systemctl restart apache2
# apachectl -M |grep ssl
ssl_module (shared)
– Change the endpoint URL in the DB
# mysql
MariaDB [(none)]> use keystone
MariaDB [keystone]> update endpoint set url='https://jyh-controller:5000/v3/' where url='http://jyh-controller:5000/v3/';
Query OK, 3 rows affected (0.008 sec)
Rows matched: 3 Changed: 3 Warnings: 0
MariaDB [keystone]> select * from endpoint where url like '%5000%';
+----------------------------------+--------------------+-----------+----------------------------------+---------------------------------+-------+---------+-----------+
| id                               | legacy_endpoint_id | interface | service_id                       | url                             | extra | enabled | region_id |
+----------------------------------+--------------------+-----------+----------------------------------+---------------------------------+-------+---------+-----------+
| 6c5dcfa5f2aa4f2d85cdf8d846e4a1bd | NULL               | internal  | b5fffc465f9c4fea81bdab3058f1013a | https://jyh-controller:5000/v3/ | {}    |       1 | jyh       |
| f77a5f2f4696476ebd9a2eb4f277c553 | NULL               | admin     | b5fffc465f9c4fea81bdab3058f1013a | https://jyh-controller:5000/v3/ | {}    |       1 | jyh       |
| fea63c9cc9024c4f8a856ac172fe8385 | NULL               | public    | b5fffc465f9c4fea81bdab3058f1013a | https://jyh-controller:5000/v3/ | {}    |       1 | jyh       |
+----------------------------------+--------------------+-----------+----------------------------------+---------------------------------+-------+---------+-----------+
3 rows in set (0.001 sec)
– Edit the Apache keystone.conf file
# cat /etc/apache2/sites-enabled/keystone.conf
..
..
SSLHonorCipherOrder on
SSLCertificateFile "/etc/ssl/jyh/jyh.crt"
SSLCertificateKeyFile "/etc/ssl/jyh/jyh.key"
SSLCertificateChainFile "/etc/ssl/jyh/jyh-rootca.crt"
..
..
– Update all of the OpenStack-related conf files
# cat /etc/placement/placement.conf |grep 5000
auth_url = https://jyh-controller:5000/v3
# cat /etc/glance/glance-api.conf |grep 5000
www_authenticate_uri = https://jyh-controller:5000
auth_url = https://jyh-controller:5000
# cat /etc/nova/nova.conf|grep 5000
www_authenticate_uri = https://jyh-controller:5000/
auth_url = https://jyh-controller:5000/
auth_url = https://jyh-controller:5000
auth_url = https://jyh-controller:5000/v3
..
..
– Restart the OpenStack-related services and verify
# systemctl restart apache2.service glance-api.service nova-api.service … …
# openstack token issue
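+------------+-------------------------------------------------------------------------------…
| Field      | Value
+------------+-------------------------------------------------------------------------------…
| expires    | 2023-01-26T09:38:49+0000
| id         | gAAAAABj0icBTAK-oiT1cIgdjIz2YD1CxlFV-VDysZBFNYRWCkBW9aseXqbQbt-XrDhxNhHt3B0-Jp…
| project_id | 39a7e2a20cd445e3970f96f6e60a6d9e
| user_id    | fa426b774a614888a6ff56d86f128201
+------------+-------------------------------------------------------------------------------…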
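
An added check for the conf-file step above (not part of the original post): it lists every uncommented auth_url or www_authenticate_uri that still points at Keystone over plain http, since a missed file would keep sending service credentials unencrypted or fail against the https-only endpoint. The function names and the sample tree are constructed for illustration; GNU grep is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): report Keystone URL options that
# still use plain http:// after the switch to https.
# Assumptions: configs are *.conf files under ROOT and use the option names
# shown in the post (auth_url, www_authenticate_uri); GNU grep is available.

# find_http_keystone_urls ROOT [PORT]
# Prints "file:line:setting" per uncommented match; returns 1 if any exist.
find_http_keystone_urls() {
    _root=$1
    _port=${2:-5000}
    _re="^[[:space:]]*(auth_url|www_authenticate_uri)[[:space:]]*=[[:space:]]*http://[^[:space:]]*:${_port}(/|[[:space:]]|\$)"
    _hits=$(grep -rnE --include='*.conf' "$_re" "$_root" 2>/dev/null || true)
    [ -z "$_hits" ] && return 0
    printf '%s\n' "$_hits"
    return 1
}

# Constructed sample tree standing in for /etc on the controller node.
make_sample_tree() {
    _t=$(mktemp -d)
    mkdir -p "$_t/nova" "$_t/glance" "$_t/placement"
    printf '%s\n' '[keystone_authtoken]' \
        'www_authenticate_uri = https://jyh-controller:5000/' \
        'auth_url = http://jyh-controller:5000/' \
        '[placement]' \
        '#auth_url = http://jyh-controller:5000/v3' \
        'auth_url = https://jyh-controller:5000/v3' > "$_t/nova/nova.conf"
    printf '%s\n' '[keystone_authtoken]' \
        'www_authenticate_uri = http://jyh-controller:5000' \
        'auth_url = https://jyh-controller:5000' > "$_t/glance/glance-api.conf"
    printf '%s\n' '[keystone_authtoken]' \
        'auth_url = https://jyh-controller:5000/v3' > "$_t/placement/placement.conf"
    printf '%s\n' "$_t"
}

# Usage: sh check.sh /etc   (exit status 1 means leftovers were found)
if [ "$#" -gt 0 ]; then
    find_http_keystone_urls "$@"
fi
```

Commented-out lines and URLs already on https are ignored, so a clean run means every active Keystone URL under the given root uses TLS.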
Go, team lead!