Securing Swift API Service Endpoints

In previous i have posted about OpenStack Object Storage(swift), this post is Securing Object Storage Service API endpoints in OpenStack Queens environment(Configuring OpenSSL) Consider your having Swift API service endpoints in https like below mentioned Consider your having Certificate and key file like below mentioned Certificate File – openstack.crt and Key File – openstack.key Steps […]

OpenStack and Object Storage(Swift )

OpenStack Platform Openstack Is an open source cloud computing platform used to implement the cloud environment. This environment is providing the best way to manage a large amount of data, it has a large number of resources, networking, and storage which provides reliable performance. The OpenStack platform will accept all integrations and the operating system […]

Securing OpenStack API service endpoints using CA Signed Certificates

CA Certificate(certificate¬†authority) CA-Signed Certificates are Valid SSL Certificates, the main difference between self-signed certificates and Trusted CA Certificates is the browsers will throw an error for self-signed certificate (Insecure Warning and the certificate is not valid SSL, not issued by trusted CA) . In previous posts was published about the Configuring Self-signed certificates for OpenStack […]

Configuring OpenSSL for OpenStack Horizon

Create a Self-Signed certificates’s keyfile and certificate file using Following OpenSSL command, sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout  /etc/ssl/client.key -out /etc/ssl/client.crt  The above command generates client.key file and client.crt file  Configuring SSL in /etc/apache2/sites-available/default-ssl.conf Now Horizon will work with both http and https, so the http traffic should be redirected as https, this will be enabled by adding Redirect / https:// {domain or […]

Adding Self-Signed Certificate for Heat and Cinder API Service Endpoints

Configuring Self-Signed Certificate for Heat API Service endpoints  Update /etc/heat/heat.conf  [DEFAULT]  heat_metadata_server_url = https://controller:8000  heat_waitcondition_server_url = https://controller:8000/v1/waitcondition  [clients_keystone]  auth_uri = https://controller:35357  cert_file =  /etc/ssl/client.pem  key_file =  /etc/ssl/client-key.pem  insecure = true  [ec2authtoken]  auth_uri = https://controller:5000/v3  cert_file =  /etc/ssl/client.pem  key_file =  /etc/ssl/client-key.pem  insecure = true  [heat_api]  cert_file = /etc/ssl/client.pem  key_file = /etc/ssl/client-key.pem  [keystone_authtoken]  auth_uri = https://controller:5000  auth_url = https://controller:35357  certfile =  /etc/ssl/client.pem  keyfile =  /etc/ssl/client-key.pem  insecure = true  [trustee]  auth_url = https://controller:35357  After this, make the changes in endpoint urls from http to https in Database or recreate the endpoints […]

Adding Self-Signed Certificate for Nova and Neutron API Service endpoints

Configuring Self-Signed Certificate for Nova API Service endpoints  Update /etc/nova/nova.conf  [DEFAULT]  ssl_only = True    cert = /etc/ssl/client.pem  key = /etc/ssl/client-key.pem  enabled_ssl_apis = osapi_compute,metadata  [glance]  api_servers = https://controller:9292  certfile = /etc/ssl/client.pem  keyfile = /etc/ssl/client-key.pem  insecure = true  [keystone_authtoken]  auth_uri = https://controller:5000  auth_url = https://controller:35357  certfile = /etc/ssl/client.pem  keyfile = /etc/ssl/client-key.pem  insecure = true  The Placement API service endpoints also should be configured with Self-Signed certificate for nova.  In /etc/apache2/sites-available/ location nova-placement-api.conf will be available,this file is used to configure Self-Signed […]

Adding Self-Signed Certificate for Keystone and Glance API Service endpoints

1.Generating Self-Signed Certificates  Enable ssl by typing this command sudo a2enmod ssl  Enabling ssl requires the apache2 service should be restarted, so restart apache by using this command service apache2 restart  Create a directory for the Self-Signed certificate by using sudo mkdir /etc/ssl  Generate Self-Signed Certificate by using the below command sudo openssl req -x509 -nodes -days 365 –newkey rsa:2048 –keyout  /etc/ssl/client.key -out /etc/ssl/client.crt              The above command generates client.key file and client.crt file   Convert the generated files into pem format by […]

Simple Ansible Script to Provision an Instance In AWS EC2

Ec2 Instance provisioning example – name: Creating AWS resources hosts: localhost vars: aws_access_key: aws_secret_key: key_name: aws_region: vpc_id: vpc_subnet_id: ami_id: instance_type: my_local_cidr_ip: group_id: connection: local gather_facts: False tasks: – name: Create an EC2 instance ec2: aws_access_key: “{{aws_access_key}}” aws_secret_key: “{{aws_secret_key}}” key_name: “{{key_name}}” region: “{{aws_region}}” vpc_subnet_id: “{{vpc_subnet_id}}” group_id: “{{group_id}}” instance_type: “{{instance_type}}” image: “{{ami_id}}” wait: yes volumes: – device_name: […]

Begin typing your search term above and press enter to search. Press ESC to cancel.

Back To Top