[Rdo-list] securing services

Rob Crittenden rcritten at redhat.com
Thu Jun 20 15:22:06 UTC 2013


Dave Neary wrote:
> Hi,
>
> You might be interested in this presentation from Adam Young during the
> last OpenStack Summit - it addresses many of your questions, I think:
> https://www.youtube.com/watch?v=ueYUsYky_UI

I've seen it, thanks.

My question was really postgres vs mysql. It seem that most Fedora 
Openstack docs recommend using postgres and yet most upstream and RDO 
use mysql, so I was just trying to target my initial efforts 
appropriately. I think Adam would prefer I work on postgres first.

The ultimate goal is to come up with some puppet scripts that can be run 
after enrolling an Openstack host into IPA that will secure its 
services. This is going to be fairly simple in the one-host environment 
I'm starting on, more complex when services are running on separate 
machines. This will be my first foray into puppet.

thanks

rob

>
> Cheers,
> Dave.
>
> On 06/19/2013 07:10 PM, Rob Crittenden wrote:
>> I'm looking at adding security to some of the system services using Red
>> Hat Identity Management (FreeIPA upstream). This is initially going to
>> be SSL for some, Kerberos for others. For a first round effort this
>> won't include using Kerberos to authenticate users to Keystone (a much
>> bigger hammer is needed for that).
>>
>> I'm looking at adding SSL to Apache and Kerberos to qpid.
>>
>> What about the database? I can add SSL to mysql and Kerberos to
>> postgres, should I support both? What is the preferred SQL database for
>> RHOS?
>>
>> rob
>>
>> _______________________________________________
>> Rdo-list mailing list
>> Rdo-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/rdo-list
>




More information about the dev mailing list