Book Image

Production Ready OpenStack - Recipes for Successful Environments

By : Arthur Berezin
Book Image

Production Ready OpenStack - Recipes for Successful Environments

By: Arthur Berezin

Overview of this book

OpenStack is the most popular open source cloud platform used by organizations building internal private clouds and by public cloud providers. OpenStack is designed in a fully distributed architecture to provide Infrastructure as a Service, allowing us to maintain a massively scalable cloud infrastructure. OpenStack is developed by a vibrant community of open source developers who come from the largest software companies in the world. The book provides a comprehensive and practical guide to the multiple uses cases and configurations that OpenStack supports. This book simplifies the learning process by guiding you through how to install OpenStack in a single controller configuration. The book goes deeper into deploying OpenStack in a highly available configuration. You'll then configure Keystone Identity Services using LDAP, Active Directory, or the MySQL identity provider and configure a caching layer and SSL. After that, you will configure storage back-end providers for Glance and Cinder, which will include Ceph, NFS, Swift, and local storage. Then you will configure the Neutron networking service with provider network VLANs, and tenant network VXLAN and GRE. Also, you will configure Nova's Hypervisor with KVM, and QEMU emulation, and you will configure Nova's scheduler filters and weights. Finally, you will configure Horizon to use Apache HTTPD and SSL, and you will customize the dashboard's appearance.
Table of Contents (16 chapters)
Production Ready OpenStack - Recipes for Successful Environments
About the Author
About the Reviewers

Securing Horizon with Secure Socket Layer

Horizon allows complete control for all the OpenStack resources. The communication that is going back and forth between the user's web browser and the Django web server serving Horizon dashboard contains sensitive information, such as user account passwords and environmental details revealing sensitive user information. The default configuration for Horizon allows an unencrypted, clear text communication channel to the Horizon Django web server. It is highly recommended to configure Horizon to encrypt the data going back and forth using the SSL/TLS protocol.

In this recipe, we will configure the Apache HTTPD server running the Django web service to use the SSL/TLS certificate to encrypt the communication channel, so all information going between the user and Horizon will be encrypted. We will also add a configuration to redirect users from unsecure port 80 to port 443 to use the secured HTTPS protocol.

Getting ready

We will use a self-signed SSL/TLS...