On 06/19/2013 01:10 PM, Rob Crittenden wrote:
I'm looking at adding security to some of the system services
using Red
Hat Identity Management (FreeIPA upstream). This is initially going to
be SSL for some, Kerberos for others. For a first round effort this
won't include using Kerberos to authenticate users to Keystone (a much
bigger hammer is needed for that).
I'm looking at adding SSL to Apache and Kerberos to qpid.
Sounds good :)
What about the database? I can add SSL to mysql and Kerberos to
postgres, should I support both? What is the preferred SQL database for
RHOS?
Upstream OpenStack is mostly using mysql. Postgres should work, but is
largely untested.
From an RDO perspective, I would focus on mysql initially as that is
what most people are using and what is working 'out of the box'
RHOS is in a similar situation because of the upstream bias towards
mysql. So ditto for RHOS as well. In fact, mysql is the only
officially supported database in RHOS as of right now (and for the
foreseeable future)
Of course, mariadb will be the natural successor to mysql in Fedora
soon, and we'll support that upstream and in RDO as well. In RHOS it
will take a bit longer for mariadb to get into RHEL, so that may stay on
mysql a bit longer.
Hope that helps :)
Perry