1、制作ssl证书
# cd /etc/pki/tls/certs [[email protected] certs]# make vnc.key Enter pass phrase:# 输入密码 Verifying - Enter pass phrase:#确认
# 从private key 中删除密码
# openssl rsa -in vnc.key -out vnc.key # make vnc.csr Country Name (2 letter code) [XX]:CN# 国家 State or Province Name (full name) []:shanghai # 省 Locality Name (eg, city) [Default City]: shanghai # 市 Organization Name (eg, company) [Default Company Ltd]:openstack # 公司 Organizational Unit Name (eg, section) []:Server World # 部门 Common Name (eg, your name or your server‘s hostname) []:www.srv.world # 主机名 Email Address []:[email protected] # 邮箱 Please enter the following ‘extra‘ attributes to be sent with your certificate request A challenge password []:#回车 An optional company name []:# Enter
# openssl x509 -in vnc.csr -out vnc.crt -req -signkey vnc.key -days 3650 Signature ok subject=/C=CN/ST=shanghai/L=shanghai/O=openstack/OU=computer/CN=www.openstack.com/[email protected] Getting Private key
2、拷贝证书:
# cp -a vnc.key /etc/pki/tls/private
3、赋予权限:
# chown nova:nova /etc/pki/tls/private/vnc.key # chown nova:nova /etc/pki/tls/certs/vnc.crt
4、在controller上配置nova.conf
[DEFAULT] ssl_only=True cert=/etc/pki/tls/certs/vnc.crt key=/etc/pki/tls/private/vnc.key [vnc] novncproxy_base_url = https://192.168.8.100:6080/vnc_auto.html
5、在computer上配置nova.conf
[vnc] novncproxy_base_url = https://192.168.8.100:6080/vnc_auto.html
6、controller重启nova服务
# systemctl | grep nova | awk -F " " ‘{print$1}‘ | xargs systemctl restart
7、Computer上重启服务
# systemctl | grep nova | awk -F " " ‘{print$1}‘ | xargs systemctl restart
8、验证:
时间: 2024-10-21 10:56:01