Book Image

Production Ready OpenStack - Recipes for Successful Environments

By : Arthur Berezin
Book Image

Production Ready OpenStack - Recipes for Successful Environments

By: Arthur Berezin

Overview of this book

OpenStack is the most popular open source cloud platform used by organizations building internal private clouds and by public cloud providers. OpenStack is designed in a fully distributed architecture to provide Infrastructure as a Service, allowing us to maintain a massively scalable cloud infrastructure. OpenStack is developed by a vibrant community of open source developers who come from the largest software companies in the world. The book provides a comprehensive and practical guide to the multiple uses cases and configurations that OpenStack supports. This book simplifies the learning process by guiding you through how to install OpenStack in a single controller configuration. The book goes deeper into deploying OpenStack in a highly available configuration. You'll then configure Keystone Identity Services using LDAP, Active Directory, or the MySQL identity provider and configure a caching layer and SSL. After that, you will configure storage back-end providers for Glance and Cinder, which will include Ceph, NFS, Swift, and local storage. Then you will configure the Neutron networking service with provider network VLANs, and tenant network VXLAN and GRE. Also, you will configure Nova's Hypervisor with KVM, and QEMU emulation, and you will configure Nova's scheduler filters and weights. Finally, you will configure Horizon to use Apache HTTPD and SSL, and you will customize the dashboard's appearance.
Table of Contents (16 chapters)
Production Ready OpenStack - Recipes for Successful Environments
About the Author
About the Reviewers

Securing Keystone with SSL

Keystone is responsible for account authorization and authentication to all OpenStack services, as such, the entire communication transport over the Keystone API is sensitive. Information as Tokens, account credentials, and passwords are sent in clear text over the network. If the communication transport to the Keystone API is compromised, the whole OpenStack environment is at risk. For example, in a man-in-the-middle (MITM) attack, tokens or user credentials can be stolen resulting full access and control over the whole OpenStack environment.

To reduce the risk of sensitive data being intercepted, it is highly recommended to protect Keystone API communication with SSL/TLS, so all ongoing traffic to the Keystone API is encrypted.

Getting ready

In this recipe, we will configure Keystone to enable the SSL/TLS communication. Configuring Secure Socket Layer (SSL) requires signed private and public keys, and a certificate signed by a certificate authority.

For testing purposes...