[Rdo-list] securing services

Perry Myers pmyers at redhat.com
Thu Jun 20 11:56:08 UTC 2013


On 06/19/2013 01:10 PM, Rob Crittenden wrote:
> I'm looking at adding security to some of the system services using Red
> Hat Identity Management (FreeIPA upstream). This is initially going to
> be SSL for some, Kerberos for others. For a first round effort this
> won't include using Kerberos to authenticate users to Keystone (a much
> bigger hammer is needed for that).
> 
> I'm looking at adding SSL to Apache and Kerberos to qpid.

Sounds good :)

> What about the database? I can add SSL to mysql and Kerberos to
> postgres, should I support both? What is the preferred SQL database for
> RHOS?

Upstream OpenStack is mostly using mysql.  Postgres should work, but is
largely untested.

>From an RDO perspective, I would focus on mysql initially as that is
what most people are using and what is working 'out of the box'

RHOS is in a similar situation because of the upstream bias towards
mysql.  So ditto for RHOS as well.  In fact, mysql is the only
officially supported database in RHOS as of right now (and for the
foreseeable future)

Of course, mariadb will be the natural successor to mysql in Fedora
soon, and we'll support that upstream and in RDO as well.  In RHOS it
will take a bit longer for mariadb to get into RHEL, so that may stay on
mysql a bit longer.

Hope that helps :)

Perry




More information about the dev mailing list