| *** ekultails has quit IRC | 01:20 | |
| *** ricolin has joined #heat | 01:30 | |
| *** neatherweb has joined #heat | 01:43 | |
| *** hongbin has joined #heat | 02:07 | |
| *** k_mouza has joined #heat | 02:33 | |
| *** k_mouza has quit IRC | 02:38 | |
| *** maddtux has joined #heat | 03:00 | |
| *** skramaja has joined #heat | 03:54 | |
| *** skramaja_ has joined #heat | 03:58 | |
| *** skramaja has quit IRC | 03:59 | |
| *** ricolin has quit IRC | 04:05 | |
| *** ramishra has joined #heat | 04:09 | |
| *** ricolin has joined #heat | 05:02 | |
| *** hongbin has quit IRC | 05:44 | |
| *** ramishra_ has joined #heat | 06:00 | |
| *** ramishra has quit IRC | 06:01 | |
| *** _fragatina has quit IRC | 06:12 | |
| *** ramishra_ is now known as ramishra | 06:17 | |
| *** _fragatina has joined #heat | 06:22 | |
| *** e0ne has joined #heat | 06:29 | |
| *** _fragatina has quit IRC | 06:37 | |
| *** e0ne has quit IRC | 06:46 | |
| *** _fragatina has joined #heat | 06:48 | |
| *** neatherweb has quit IRC | 07:27 | |
| *** jtomasek has joined #heat | 07:35 | |
| *** jtomasek has quit IRC | 07:39 | |
| *** jtomasek has joined #heat | 07:44 | |
| *** _fragatina has quit IRC | 07:57 | |
| *** e0ne has joined #heat | 08:05 | |
| *** ramishra has quit IRC | 08:08 | |
| *** e0ne has quit IRC | 08:08 | |
| *** gkadam has joined #heat | 08:10 | |
| *** gkadam is now known as gkadam-brb | 08:11 | |
| *** e0ne has joined #heat | 08:18 | |
| *** e0ne has quit IRC | 08:18 | |
| *** ramishra has joined #heat | 08:18 | |
| *** gkadam-brb is now known as gkadam | 08:20 | |
| *** e0ne has joined #heat | 08:29 | |
| *** e0ne has quit IRC | 08:35 | |
| *** maddtux_ has joined #heat | 08:57 | |
| *** maddtux has quit IRC | 08:59 | |
| *** mikecmpbll has joined #heat | 09:04 | |
| *** aiyengar__ has joined #heat | 09:09 | |
| *** maddtux_ has quit IRC | 09:11 | |
| *** k_mouza has joined #heat | 09:24 | |
| *** hjensas has joined #heat | 09:32 | |
| *** gkadam has quit IRC | 09:51 | |
| *** gkadam has joined #heat | 09:51 | |
| *** k_mouza has quit IRC | 10:04 | |
| *** aiyengar__ has quit IRC | 10:31 | |
| *** k_mouza has joined #heat | 10:34 | |
| *** k_mouza has quit IRC | 10:34 | |
| *** k_mouza has joined #heat | 10:34 | |
| *** maddtux has joined #heat | 10:35 | |
| *** openstackgerrit has joined #heat | 10:40 | |
| openstackgerrit | Rabi Mishra proposed openstack/heat master: WIP Make stack check convergence aware https://review.openstack.org/636916 | 10:40 |
|---|---|---|
| *** matoef1 has joined #heat | 10:53 | |
| *** mikecmpb_ has joined #heat | 10:54 | |
| *** mikecmpbll has quit IRC | 10:54 | |
| matoef1 | Hi folks, | 11:04 |
| matoef1 | I would like to enable SSL on my DevStack with magnum (v2.9.2) and heat (v1.14.0) plugins. | 11:04 |
| matoef1 | 11:04 | |
| matoef1 | I used command `enable_service tls-proxy` in DevStack conf. | 11:04 |
| matoef1 | This command enables TLS proxy for all endpoints except HEAT. | 11:04 |
| *** matoef1 has quit IRC | 11:04 | |
| *** matoef1 has joined #heat | 11:06 | |
| matoef1 | Hi folks, I would like to enable SSL on my DevStack with magnum (v2.9.2) and heat (v1.14.0) plugins. I used command `enable_service tls-proxy` in DevStack conf. This command enables TLS proxy for all endpoints except HEAT. ``` stack@devstack-vm-36:~$ openstack endpoint list +----------------------------------+-----------+--------------+-----------------+---------+-----------+------------------------------------------------+ | ID | 11:07 |
| matoef1 | Hi folks, | 11:08 |
| matoef1 | I would like to enable SSL on my DevStack with magnum (v2.9.2) and heat (v1.14.0) plugins. | 11:08 |
| matoef1 | I used command `enable_service tls-proxy` in DevStack conf. This command enables TLS proxy for all endpoints except HEAT. | 11:08 |
| matoef1 | I tried to change HEAT configuration via heat.conf file but without any success. | 11:09 |
| matoef1 | ``` | 11:09 |
| matoef1 | [heat_api] | 11:09 |
| matoef1 | workers = 2 | 11:09 |
| matoef1 | bind_port = 8004 | 11:09 |
| matoef1 | cert_file = /opt/stack/data/devstack-crt.crt | 11:09 |
| matoef1 | key_file = /opt/stack/data/devstack-key.pem | 11:09 |
| matoef1 | [heat_api_cfn] | 11:09 |
| matoef1 | bind_port = 8000 | 11:09 |
| matoef1 | cert_file = /opt/stack/data/devstack-crt.crt | 11:09 |
| matoef1 | key_file = /opt/stack/data/devstack-key.pem | 11:09 |
| matoef1 | [ssl] | 11:09 |
| matoef1 | ca_file = /opt/stack/data/ca-bundle.pem | 11:10 |
| matoef1 | cert_file = /opt/stack/data/devstack-crt.crt | 11:10 |
| matoef1 | key_file = /opt/stack/data/devstack-key.pem | 11:10 |
| matoef1 | ``` | 11:10 |
| matoef1 | How can I enable SSL also for HEAT endpoints ? | 11:10 |
| matoef1 | Many Thanks | 11:10 |
| matoef1 | Hi folks, I would like to enable SSL on my DevStack with magnum (v2.9.2) and heat (v1.14.0) plugins. I used command `enable_service tls-proxy` in DevStack conf. This command enables TLS proxy for all endpoints except HEAT. http://paste.openstack.org/show/745083/ I tried to change HEAT configuration via heat.conf file but without any success. http://paste.openstack.org/show/745084/ How can I enable SSL also for HEAT endpoints ? | 11:20 |
| matoef1 | Many Thanks | 11:20 |
| ramishra | matoef1: I don't think we support tls-proxy, I thought there was native SSL support with USE_SSL=True in local.conf. But can't find anything related. But you can try SERVICE_PROTOCOL=https in local.conf, it may work, never tested it, so don't know | 11:30 |
| matoef1 | ramishra: Thank you. I will try USE_SSL=True. But What is the purpose of `cert_file` and `key_file` variables in heat.conf file ? | 12:16 |
| matoef1 | And also [ssl] group ? | 12:16 |
| *** k_mouza_ has joined #heat | 12:17 | |
| *** k_mouza has quit IRC | 12:20 | |
| *** skramaja has joined #heat | 12:22 | |
| *** skramaja_ has quit IRC | 12:23 | |
| *** _fragatina has joined #heat | 12:30 | |
| ramishra | matoef1: those are cert/key locations for heat_api/heat_api_cfn to use. I think [ssl] keys are for oslo.service, those would be ignored | 12:37 |
| ramishra | matoef1: heat talks to other services, so there are client options too | 12:37 |
| ramishra | but your issue AFAICT is the endpoints are not added to keystone with the correct SERVICE_PROTOCOL with devstack | 12:38 |
| *** hjensas has quit IRC | 12:39 | |
| ramishra | If all your services are using https, then you can try setting SERVICE_PROTOCOL, but I can't say that it would work:) | 12:39 |
| matoef1 | ramishra: Thanks for explanations, So I will try SERVICE_PROTOCOL and let you know:), thanks | 12:40 |
| *** ekultails has joined #heat | 13:01 | |
| *** k_mouza_ has quit IRC | 13:01 | |
| *** k_mouza has joined #heat | 13:08 | |
| *** skramaja_ has joined #heat | 13:11 | |
| *** skramaja has quit IRC | 13:12 | |
| *** maddtux has quit IRC | 13:13 | |
| openstackgerrit | Merged openstack/heat master: Translate tenant_id to project_id in Octavia loadbalancer resource https://review.openstack.org/625597 | 13:30 |
| matoef1 | ramishra: SERVICE_PROTOCOL variable works ! Thank you !. Now I have enabled SSL on all HEAT endpoints. Unfortunately, I fell into another issue http://paste.openstack.org/show/745098/ | 13:42 |
| matoef1 | I think user_data value is still encrypted when it comes into HEAT. | 13:43 |
| ramishra | matoef1: I think that's coming from nova, checking nova api logs would help, may be the data is large, AFAIK there is a limit or something | 13:50 |
| ramishra | gotta go, late for me | 13:50 |
| *** jmlowe has quit IRC | 13:54 | |
| *** matoef1 has quit IRC | 14:23 | |
| *** jmlowe has joined #heat | 14:25 | |
| *** ekultails has quit IRC | 14:34 | |
| *** gfidente has joined #heat | 14:41 | |
| *** skramaja_ has quit IRC | 14:46 | |
| *** ekultails has joined #heat | 14:53 | |
| *** mchlumsky has joined #heat | 14:57 | |
| *** hjensas has joined #heat | 15:16 | |
| *** gkadam has quit IRC | 15:30 | |
| *** gfidente has quit IRC | 15:56 | |
| *** ramishra has quit IRC | 16:07 | |
| *** ricolin_ has joined #heat | 16:14 | |
| *** ricolin has quit IRC | 16:16 | |
| *** _fragatina has quit IRC | 17:03 | |
| *** _fragatina has joined #heat | 17:06 | |
| *** mikecmpb_ has quit IRC | 17:36 | |
| *** k_mouza_ has joined #heat | 17:48 | |
| *** k_mouza has quit IRC | 17:50 | |
| *** k_mouza_ has quit IRC | 17:52 | |
| *** jmlowe has quit IRC | 17:57 | |
| *** ricolin_ has quit IRC | 18:19 | |
| *** ricolin_ has joined #heat | 18:20 | |
| *** ricolin_ has quit IRC | 18:25 | |
| *** shardy has quit IRC | 18:40 | |
| *** sshnaidm is now known as sshnaidm|off | 18:47 | |
| *** mikecmpbll has joined #heat | 20:01 | |
| *** _fragatina has quit IRC | 20:02 | |
| *** jmlowe has joined #heat | 20:07 | |
| *** mchlumsky has quit IRC | 20:15 | |
| *** k_mouza has joined #heat | 20:20 | |
| *** e0ne has joined #heat | 20:21 | |
| *** _fragatina has joined #heat | 21:15 | |
| *** k_mouza has quit IRC | 21:19 | |
| *** jtomasek has quit IRC | 21:23 | |
| -openstackstatus- NOTICE: Jobs are failing due to ssh host key mismatches caused by duplicate IPs in a test cloud region. We are disabling the region and will let you know when jobs can be rechecked. | 21:30 | |
| *** jtomasek has joined #heat | 21:32 | |
| *** hjensas has quit IRC | 21:33 | |
| *** e0ne has quit IRC | 21:48 | |
| *** jtomasek has quit IRC | 21:54 | |
| *** ekultails has quit IRC | 21:57 | |
| -openstackstatus- NOTICE: The test cloud region using duplicate IPs has been removed from nodepool. Jobs can be rechecked now. | 22:12 | |
| *** hjensas has joined #heat | 23:10 | |
| *** neatherweb has joined #heat | 23:22 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!