Changes between Version 2 and Version 3 of GENIRacksHome/OpenGENIRacks/RenewKeystoneKeys
- Timestamp:
- 05/21/15 13:29:36 (9 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
GENIRacksHome/OpenGENIRacks/RenewKeystoneKeys
v2 v3 16 16 }}} 17 17 18 Create the signing_cert 18 19 {{{ 19 20 openssl ca -config openssl.conf -keyfile cakey.pem -cert ca.pem -in signing_cer\ … … 22 23 y 23 24 }}} 24 25 Change the permissions of the new cert: 25 Move the signing key and change ownership: 26 {{{ 27 mv signing_key.pem ../private 26 28 chown keystone.keystone signing_cert_new.pem 27 28 29 29 sudo keystone-manage pki_setup --keystone-user keystone --keystone-group keystone 30 }}} 30 31 31 32 … … 43 44 cp /etc/keystone/ssl/certs/ca.pem /var/lib/glance/keystone-signing/cacert.pem 44 45 cp /etc/keystone/ssl/certs/signing_cert.pem /var/lib/glance/keystone-signing/signing_cert.pem 46 sudo chown glance.glance /var/lib/glance/keystone-signing/cacert.pem 47 sudo chown glance.glance /var/lib/glance/keystone-signing/signing_cert.pem 45 48 restart glance-api 46 49 restart glance-registry 47 50 }}} 48 51 52 You may need to change the ownership of the certs (other than glance) to keystone.keystone 49 53 54 Glance's certs must be glance.glance 50 55