Changes between Version 2 and Version 3 of GENIRacksHome/OpenGENIRacks/RenewKeystoneKeys


Ignore:
Timestamp:
05/21/15 13:29:36 (6 years ago)
Author:
sdabideen@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GENIRacksHome/OpenGENIRacks/RenewKeystoneKeys

    v2 v3  
    1616}}}
    1717
     18Create the signing_cert
    1819{{{
    1920openssl ca -config openssl.conf -keyfile cakey.pem -cert ca.pem -in signing_cer\
     
    2223y
    2324}}}
    24 
    25 Change the permissions of the new cert:
     25Move the signing key and change ownership:
     26{{{
     27mv signing_key.pem ../private
    2628chown keystone.keystone signing_cert_new.pem
    27 
    28 
    2929sudo keystone-manage pki_setup  --keystone-user keystone --keystone-group keystone
     30}}}
    3031
    3132
     
    4344cp /etc/keystone/ssl/certs/ca.pem /var/lib/glance/keystone-signing/cacert.pem
    4445cp /etc/keystone/ssl/certs/signing_cert.pem /var/lib/glance/keystone-signing/signing_cert.pem
     46sudo chown glance.glance /var/lib/glance/keystone-signing/cacert.pem
     47sudo chown glance.glance /var/lib/glance/keystone-signing/signing_cert.pem
    4548restart glance-api
    4649restart glance-registry
    4750}}}
    4851
     52You may need to change the ownership of the certs (other than glance) to keystone.keystone
    4953
     54Glance's certs must be glance.glance
    5055