openstack-manuals/doc/admin-guide-cloud/compute/section_compute-security.xml
Martin Lopes 23e7cb7061 Adds HTTPS support for Compute metadata
Adds metadata https configuration settings to the Compute security
hardening section.

Change-Id: I7524f7c5567f1cc34553e67bc314c414320591a4
Closes-Bug: 1310862
2014-04-23 10:05:15 +10:00

46 lines
1.9 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<section version="5.0" xml:id="section-compute-security"
xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:ns5="http://www.w3.org/1999/xhtml"
xmlns:ns4="http://www.w3.org/2000/svg"
xmlns:ns3="http://www.w3.org/1998/Math/MathML"
xmlns:ns="http://docbook.org/ns/docbook">
<title>Security hardening</title>
<para>OpenStack Compute can be integrated with various third-party
technologies to increase security. For more information, see the
<link xlink:href="http://docs.openstack.org/sec/"><citetitle>OpenStack
Security Guide</citetitle></link>.</para>
<xi:include href="../../common/section_trusted-compute-pools.xml"/>
<section xml:id="section_compute_metadata_https">
<title>Encrypt Compute metadata traffic</title>
<para>OpenStack Juno supports encrypting Compute metadata traffic with
HTTPS. Enable SSL encryption in the <filename>metadata_agent.ini</filename>
file:<orderedlist>
<listitem>
<para>Enable the HTTPS protocol:
<programlisting>nova_metadata_protocol = https</programlisting>
</para>
</listitem>
<listitem>
<para>Determine whether insecure SSL connections are accepted for
Compute metadata server requests. The default value is
<option>False</option>:
<programlisting>nova_metadata_insecure = False</programlisting></para>
</listitem>
<listitem>
<para>Specify the path to the client certificate:
<programlisting>
nova_client_cert = <replaceable>PATH_TO_CERT</replaceable></programlisting></para>
</listitem>
<listitem>
<para>Specify the path to the private key:
<programlisting>
nova_client_priv_key = <replaceable>PATH_TO_KEY</replaceable></programlisting></para>
</listitem>
</orderedlist></para>
</section>
</section>