e880c6e326
Editing the nested sections for the compute chapter. Mostly grammar, wording, style, convention, etc. This patch includes rootwrap and security. Watch this space for more.

Change-Id: I63d9691e64f14c4eba9ca4440930f06e757f9750
Partial-Bug: #1251195
40 lines
1.7 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="section-compute-security">
<title>Security hardening</title>
<para>OpenStack Compute can be integrated with various third-party
technologies to increase security. For more information, see the
<link xlink:href="http://docs.openstack.org/sec/">
<citetitle>OpenStack Security Guide</citetitle></link>.</para>
<xi:include href="section_trusted-compute-pools.xml"/>
<section xml:id="section_compute_metadata_https">
<title>Encrypt Compute metadata traffic</title>
<para>OpenStack supports encrypting Compute metadata traffic with HTTPS.
Enable SSL encryption in the <filename>metadata_agent.ini</filename>
file.</para>
<procedure>
<title>Enabling SSL encryption</title>
<step>
<para>Enable the HTTPS protocol:</para>
<programlisting>nova_metadata_protocol = https</programlisting>
</step>
<step>
<para>Determine whether insecure SSL connections are accepted for
Compute metadata server requests. The default value is
<option>False</option>:</para>
<programlisting>nova_metadata_insecure = False</programlisting>
</step>
<step>
<para>Specify the path to the client certificate:</para>
<programlisting>nova_client_cert = <replaceable>PATH_TO_CERT</replaceable></programlisting>
</step>
<step>
<para>Specify the path to the private key:</para>
<programlisting>nova_client_priv_key = <replaceable>PATH_TO_KEY</replaceable></programlisting>
</step>
</procedure>
</section>
</section>
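
The "Enabling SSL encryption" procedure above can be checked after the fact with a small audit of `metadata_agent.ini`. This is an added example, not part of the original file or of OpenStack's own code; the function name `audit_metadata_agent` is hypothetical, it assumes the four options are set under `[DEFAULT]`, and the private-key permission check goes beyond what the procedure states.

```python
import configparser
import os
import stat

# Constructed sample: HTTPS is enabled but insecure connections are accepted
# and no client certificate or key is configured.
SAMPLE = """[DEFAULT]
nova_metadata_protocol = https
nova_metadata_insecure = True
"""


def audit_metadata_agent(ini_text):
    """Return a list of findings for the HTTPS options in metadata_agent.ini text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    sec = cp.default_section  # assumption: the options are set under [DEFAULT]
    findings = []

    proto = cp.get(sec, "nova_metadata_protocol", fallback="").strip().lower()
    if proto != "https":
        findings.append("nova_metadata_protocol is not https")

    try:
        insecure = cp.getboolean(sec, "nova_metadata_insecure", fallback=False)
    except ValueError:
        insecure = True  # unparseable value: report it rather than assume safe
    if insecure:
        findings.append("nova_metadata_insecure is not False")

    for opt in ("nova_client_cert", "nova_client_priv_key"):
        path = cp.get(sec, opt, fallback="").strip()
        if not path or path in ("PATH_TO_CERT", "PATH_TO_KEY"):
            findings.append(f"{opt} is not set")
        elif not os.path.isfile(path):
            findings.append(f"{opt} does not point to a file")
        elif opt == "nova_client_priv_key":
            # Added check: the key should be readable by its owner only.
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append(f"{opt} is accessible to group or others")
    return findings


if __name__ == "__main__":
    for finding in audit_metadata_agent(SAMPLE):
        print(finding)
```
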