Hi, I am Eranachandran

i am an enthusiastic engineer


Securing OpenStack API service endpoints using CA Signed Certificates

CA Certificate(certificate¬†authority) CA-Signed Certificates are Valid SSL Certificates, the main difference between self-signed certificates and Trusted CA Certificates is the browsers will throw an error for self-signed certificate (Insecure Warning and the certificate is not valid SSL, not issued by trusted CA) . In previous posts was published about the Configuring Self-signed certificates for OpenStack […]

Configuring OpenSSL for OpenStack Horizon

Create a Self-Signed certificates’s keyfile and certificate file using Following OpenSSL command, sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout  /etc/ssl/client.key -out /etc/ssl/client.crt  The above command generates client.key file and client.crt file  Configuring SSL in /etc/apache2/sites-available/default-ssl.conf Now Horizon will work with both http and https, so the http traffic should be redirected as https, this will be enabled by adding Redirect / https:// {domain or […]

Adding Self-Signed Certificate for Heat and Cinder API Service Endpoints

Configuring Self-Signed Certificate for Heat API Service endpoints  Update /etc/heat/heat.conf  [DEFAULT]  heat_metadata_server_url = https://controller:8000  heat_waitcondition_server_url = https://controller:8000/v1/waitcondition  [clients_keystone]  auth_uri = https://controller:35357  cert_file =  /etc/ssl/client.pem  key_file =  /etc/ssl/client-key.pem  insecure = true  [ec2authtoken]  auth_uri = https://controller:5000/v3  cert_file =  /etc/ssl/client.pem  key_file =  /etc/ssl/client-key.pem  insecure = true  [heat_api]  cert_file = /etc/ssl/client.pem  key_file = /etc/ssl/client-key.pem  [keystone_authtoken]  auth_uri = https://controller:5000  auth_url = https://controller:35357  certfile =  /etc/ssl/client.pem  keyfile =  /etc/ssl/client-key.pem  insecure = true  [trustee]  auth_url = https://controller:35357  After this, make the changes in endpoint urls from http to https in Database or recreate the endpoints […]

Adding Self-Signed Certificate for Nova and Neutron API Service endpoints

Configuring Self-Signed Certificate for Nova API Service endpoints  Update /etc/nova/nova.conf  [DEFAULT]  ssl_only = True    cert = /etc/ssl/client.pem  key = /etc/ssl/client-key.pem  enabled_ssl_apis = osapi_compute,metadata  [glance]  api_servers = https://controller:9292  certfile = /etc/ssl/client.pem  keyfile = /etc/ssl/client-key.pem  insecure = true  [keystone_authtoken]  auth_uri = https://controller:5000  auth_url = https://controller:35357  certfile = /etc/ssl/client.pem  keyfile = /etc/ssl/client-key.pem  insecure = true  The Placement API service endpoints also should be configured with Self-Signed certificate for nova.  In /etc/apache2/sites-available/ location nova-placement-api.conf will be available,this file is used to configure Self-Signed […]

Adding Self-Signed Certificate for Keystone and Glance API Service endpoints

1.Generating Self-Signed Certificates  Enable ssl by typing this command sudo a2enmod ssl  Enabling ssl requires the apache2 service should be restarted, so restart apache by using this command service apache2 restart  Create a directory for the Self-Signed certificate by using sudo mkdir /etc/ssl  Generate Self-Signed Certificate by using the below command sudo openssl req -x509 -nodes -days 365 –newkey rsa:2048 –keyout  /etc/ssl/client.key -out /etc/ssl/client.crt              The above command generates client.key file and client.crt file   Convert the generated files into pem format by […]

Simple Ansible Script to Provision an Instance In AWS EC2

Ec2 Instance provisioning example – name: Creating AWS resources hosts: localhost vars: aws_access_key: aws_secret_key: key_name: aws_region: vpc_id: vpc_subnet_id: ami_id: instance_type: my_local_cidr_ip: group_id: connection: local gather_facts: False tasks: – name: Create an EC2 instance ec2: aws_access_key: “{{aws_access_key}}” aws_secret_key: “{{aws_secret_key}}” key_name: “{{key_name}}” region: “{{aws_region}}” vpc_subnet_id: “{{vpc_subnet_id}}” group_id: “{{group_id}}” instance_type: “{{instance_type}}” image: “{{ami_id}}” wait: yes volumes: – device_name: […]

Static and Dynamic Routing

Routing and types of routing Routing is a process of forwarding packets from one network to another network in an optimal way. It happens in Layer3 or network layer and it performed by a dedicated device called router. Routing process will happens based on the routing tables. It was specified by a network administrator or […]

Begin typing your search term above and press enter to search. Press ESC to cancel.

Back To Top