e77dbe04ac
We do not need these namespaces like xmlns:svg and xmlns:html anywhere, remove the declarations. Change-Id: Ic6aa62c28b2b21092d1e1d5c6f431807519f59af
42 lines
1.8 KiB
XML
42 lines
1.8 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section version="5.0" xml:id="section-compute-security"
|
|
xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
<title>Security hardening</title>
|
|
<para>OpenStack Compute can be integrated with various third-party
|
|
technologies to increase security. For more information, see the
|
|
<link xlink:href="http://docs.openstack.org/sec/"><citetitle>OpenStack
|
|
Security Guide</citetitle></link>.</para>
|
|
<xi:include href="../../common/section_trusted-compute-pools.xml"/>
|
|
<section xml:id="section_compute_metadata_https">
|
|
<title>Encrypt Compute metadata traffic</title>
|
|
<para>OpenStack Juno supports encrypting Compute metadata traffic with
|
|
HTTPS. Enable SSL encryption in the <filename>metadata_agent.ini</filename>
|
|
file:<orderedlist>
|
|
<listitem>
|
|
<para>Enable the HTTPS protocol:
|
|
<programlisting>nova_metadata_protocol = https</programlisting>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Determine whether insecure SSL connections are accepted for
|
|
Compute metadata server requests. The default value is
|
|
<option>False</option>:
|
|
<programlisting>nova_metadata_insecure = False</programlisting></para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Specify the path to the client certificate:
|
|
<programlisting>
|
|
nova_client_cert = <replaceable>PATH_TO_CERT</replaceable></programlisting></para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Specify the path to the private key:
|
|
<programlisting>
|
|
nova_client_priv_key = <replaceable>PATH_TO_KEY</replaceable></programlisting></para>
|
|
</listitem>
|
|
</orderedlist></para>
|
|
</section>
|
|
</section>
|
|
|