zhangyangyang aecc165a58 Remove deprecated TrustedFilter

The TrustedFilter and the related trusted_computing config options
were deprecated in Pike:

  If6e53feeb97e6050c1eb7962110ed89504c952fc

Co-Authored-By: Matt Riedemann <mriedem.os@gmail.com>

Change-Id: I0a7ab3a4fb2cfad567a8644bed4de574393ee11a

2017-11-28 14:54:31 -05:00

987 B

Raw Blame History

Security hardening

OpenStack Compute can be integrated with various third-party technologies to increase security. For more information, see the OpenStack Security Guide.

Encrypt Compute metadata traffic

Enabling SSL encryption

OpenStack supports encrypting Compute metadata traffic with HTTPS. Enable SSL encryption in the metadata_agent.ini file.

Enable the HTTPS protocol.
```
nova_metadata_protocol = https
```
Determine whether insecure SSL connections are accepted for Compute metadata server requests. The default value is False.
```
nova_metadata_insecure = False
```
Specify the path to the client certificate.
```
nova_client_cert = PATH_TO_CERT
```
Specify the path to the private key.
```
nova_client_priv_key = PATH_TO_KEY
```

987 B Raw Blame History

Security hardening

Encrypt Compute metadata traffic

987 B

Raw Blame History