Jonathan Rosser 2ec6709eee Add default rate-limits for API endpoints and Horizon authentication
This patch adds rate limiting for any API call which results in a
4xx response by applying a common stick-table to each HAProxy
backend definition. The stick table can be overridden to allow
customisation of the behaviour.

An additional stick-table is defined for the Horizon endpoint to
enforce a 20-requests-per-10s-per-source-ip sliding window limit
on the horizon /auth path. This provides some protection against
credential stuffing attacks and will generate 429 response codes
to the client and in the HAProxy log. The log could be used by an
alerting system to detect potentially malicious traffic.

The defined rate limit does not include traffic from rfc1918 addresses
and this should be reviewed and overridden as necessary to protect
the external API endpoint.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/848657
Change-Id: I02ed08f9d3d12f7ad2e5dd3a45a699d766933877
2022-07-08 09:43:27 +00:00
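The Horizon limit described in the commit message above, modelled as an added example (not code from the OpenStack-Ansible project or from HAProxy). The class and function names are hypothetical, an exact sliding window stands in for HAProxy's rate counter, and it is assumed that denied requests also count toward the window and that request 21 inside the window is the first to be refused.

```python
import ipaddress
from collections import defaultdict, deque

LIMIT = 20      # requests per window, from the commit message
WINDOW = 10.0   # window length in seconds, from the commit message
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class AuthRateLimiter:
    """Hypothetical model of a per-source-IP limit on the /auth path."""

    def __init__(self, limit=LIMIT, window=WINDOW, exempt=RFC1918):
        self.limit, self.window, self.exempt = limit, window, exempt
        self.hits = defaultdict(deque)   # source IP -> recent request times

    def is_exempt(self, src):
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.exempt)

    def check(self, src, path, now):
        """Return 429 if the request is rate limited, else 200 (passed on)."""
        if not path.startswith("/auth") or self.is_exempt(src):
            return 200
        window = self.hits[src]
        # Drop timestamps that have slid out of the 10 s window.
        while window and now - window[0] >= self.window:
            window.popleft()
        window.append(now)   # assumption: denied requests are counted too
        return 429 if len(window) > self.limit else 200


def simulate(limiter, src, count, start=0.0, step=0.1, path="/auth/login/"):
    """Send `count` requests from `src`, one every `step` seconds."""
    return [limiter.check(src, path, start + i * step) for i in range(count)]


if __name__ == "__main__":
    # Constructed sample sources: a documentation address and an RFC 1918 one.
    default = AuthRateLimiter()
    print("external:", simulate(default, "203.0.113.7", 25).count(429), "x 429")
    print("internal:", simulate(default, "10.0.0.5", 25).count(429), "x 429")
    # Overriding the exemption applies the limit to internal sources as well.
    strict = AuthRateLimiter(exempt=[])
    print("internal, no exemption:",
          simulate(strict, "10.0.0.5", 25).count(429), "x 429")
```

With the default exemption, a client that reaches the load balancer from an RFC 1918 address is never limited, which is the case the commit message asks operators to review.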

Team and repository tags

OpenStack-Ansible

OpenStack-Ansible is an official OpenStack project which aims to deploy production environments from source in a way that makes it scalable while also being simple to operate, upgrade, and grow.

For an overview of the mission, repositories and related Wiki home page, please see the formal Home Page for the project.

For those looking to test OpenStack-Ansible using an All-In-One (AIO) build, please see the Quick Start guide.

For more detailed Installation and Operator documentation, please see the Deployment Guide.

If OpenStack-Ansible is missing something you'd like to see included, then we encourage you to see the Developer Documentation for more details on how you can get involved.

Developers wishing to work on the OpenStack-Ansible project should always base their work on the latest code, available from the master Git repository at Source.

If you have some questions, or would like some assistance with achieving your goals, then please feel free to reach out to us on the OpenStack Mailing Lists (particularly openstack-discuss) or on IRC in #openstack-ansible on the OFTC network.

OpenStack-Ansible Roles

OpenStack-Ansible offers separate role repositories for each individual role that OpenStack-Ansible supports. For individual role configuration options, see the Role Documentation.

An individual role's source code can be found at: https://opendev.org/openstack/openstack-ansible-<ROLENAME>.

Resources

Description
Ansible playbooks for deploying OpenStack.