Proper SSL cert for fed-cloud09?
Kevin Fenzi
kevin at scrye.com
Thu Feb 5 00:13:53 UTC 2015
On Wed, 04 Feb 2015 18:07:03 +0100
Miroslav Suchý <msuchy at redhat.com> wrote:
> When I do:
> [root at fed-cloud09 ~(keystone_admin)]# cinder type-list
> ERROR: Unable to establish connection: [Errno 1] _ssl.c:504:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> verify failed
>
> Which just transit to:
> [root at fed-cloud09 ~(keystone_admin)]# curl -i
> https://fed-cloud09.cloud.fedoraproject.org/ curl: (60) Peer's
> certificate issuer has been marked as not trusted by the user.
>
> Is it time to get SSL cert signed by some CA?
> However I would swear I had not this problems yesterday. But it
> behaves this way even if I revert my work.
>
> Comments are welcome.
Odd. Wonder why it would complain now when it didn't before. ;(
In any case, I think it would be good to get a real cert, but
fed-cloud09 seems kind of off to me.
Could we instead call it 'openstack.cloud.fedoraproject.org' or
'controller.cloud.fedoraproject.org' or something? Not sure if that
needs us to rename/reinstall the node, or can just be done in the
cert...
Along those same lines, how about we move the existing host playbooks
to a group/openstack-controller.yml (currently just fed-cloud09, but
I'd like to see if we can allocate one machine moving forward to be
our test for the 'next' openstack) and group/openstack-compute.yml
(fed-cloud10/11, but some more will be installed next week) to make them
more generic and ready for more nodes?
kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20150204/4d9cc294/attachment.sig>
More information about the infrastructure
mailing list