1、制作ssl證書

#?cd?/etc/pki/tls/certs
[root@www?certs]#?make?vnc.key
Enter?pass?phrase:#?輸入密碼
Verifying?-?Enter?pass?phrase:#確認



?# private key 中刪除密碼

#?openssl?rsa?-in?vnc.key?-out?vnc.key
#?make?vnc.csr
Country?Name?(2?letter?code)?[XX]:CN#?國家
State?or?Province?Name?(full?name)?[]:shanghai???#?省
Locality?Name?(eg,?city)?[Default?City]:?shanghai???#?市
Organization?Name?(eg,?company)?[Default?Company?Ltd]:openstack??#?公司
Organizational?Unit?Name?(eg,?section)?[]:Server?World???#?部門
Common?Name?(eg,?your?name?or?your?server's?hostname)?[]:www.srv.world???#?主機名
Email?Address?[]:xxx@srv.world?#?郵箱
Please?enter?the?following?'extra'?attributes
to?be?sent?with?your?certificate?request
A?challenge?password?[]:#回車
An?optional?company?name?[]:#?Enter


?

#?openssl?x509?-in?vnc.csr?-out?vnc.crt?-req?-signkey?vnc.key?-days?3650
Signature?ok
subject=/C=CN/ST=shanghai/L=shanghai/O=openstack/OU=computer/CN=www.openstack.com/emailAddress=example@openstack.com
Getting?Private?key

2、拷貝證書:

#?cp?-a?vnc.key?/etc/pki/tls/private

3、賦予權限:

#?chown?nova:nova??/etc/pki/tls/private/vnc.key
#?chown?nova:nova??/etc/pki/tls/certs/vnc.crt

4、在controller上配置nova.conf

[DEFAULT]
ssl_only=True
cert=/etc/pki/tls/certs/vnc.crt
key=/etc/pki/tls/private/vnc.key
[vnc]
novncproxy_base_url?=?https://192.168.8.100:6080/vnc_auto.html


5、在computer上配置nova.conf

[vnc]
novncproxy_base_url?=?https://192.168.8.100:6080/vnc_auto.html


?

6controller重啟nova服務

#?systemctl?|?grep?nova?|?awk?-F?"?"?'{print$1}'?|?xargs?systemctl?restart

7Computer上重啟服務

#?systemctl?|?grep?nova?|?awk?-F?"?"?'{print$1}'?|?xargs?systemctl?restart

8、驗證:


?

?