[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Rdo-list] securing services

Dave Neary wrote:

You might be interested in this presentation from Adam Young during the
last OpenStack Summit - it addresses many of your questions, I think:

I've seen it, thanks.

My question was really postgres vs mysql. It seem that most Fedora Openstack docs recommend using postgres and yet most upstream and RDO use mysql, so I was just trying to target my initial efforts appropriately. I think Adam would prefer I work on postgres first.

The ultimate goal is to come up with some puppet scripts that can be run after enrolling an Openstack host into IPA that will secure its services. This is going to be fairly simple in the one-host environment I'm starting on, more complex when services are running on separate machines. This will be my first foray into puppet.




On 06/19/2013 07:10 PM, Rob Crittenden wrote:
I'm looking at adding security to some of the system services using Red
Hat Identity Management (FreeIPA upstream). This is initially going to
be SSL for some, Kerberos for others. For a first round effort this
won't include using Kerberos to authenticate users to Keystone (a much
bigger hammer is needed for that).

I'm looking at adding SSL to Apache and Kerberos to qpid.

What about the database? I can add SSL to mysql and Kerberos to
postgres, should I support both? What is the preferred SQL database for


Rdo-list mailing list
Rdo-list redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]