openstack/openstack-ansible
Code Issues Proposed changes
openstack-ansible/doc/source/install-guide/overview-security.rst
Major Hayden 0e8b6e9655 Docs: RabbitMQ/MariaDB least privilege 
This patch adds documentation to the overview section and it describes
how the principle of least privilege is used for MariaDB and RabbitMQ.

Closes-bug: 1495154

Change-Id: I02bfaa45636e1b088f356504da789c6b65ae9d10
2016-02-05 14:32:35 -06:00

3.1 KiB
Raw Blame History

Home OpenStack-Ansible Installation Guide

Security

The OpenStack-Ansible project provides several security features for OpenStack deployments. This section of documentation covers some of those features and how they can benefit deployers of various sizes.

Security requirements will always differ between deployers. For deployers that need additional security measures in place, please refer to the official OpenStack Security Guide for additional resources.

AppArmor

The Linux kernel offers multiple security modules (LSMs) that that set mandatory access controls (MAC) on Linux systems. The OpenStack-Ansible project configures AppArmor, a Linux security module, to provide additional security on LXC container hosts. AppArmor allows administrators to set specific limits and policies around what resources a particular application can access. Any activity outside the allowed policies is denied at the kernel level.

In OpenStack-Ansible, AppArmor profiles are applied that limit the actions that each LXC container may take on a system. This is done within the lxc_hosts role.

Encrypted communication

Data is encrypted while in transit between some OpenStack services in OpenStack-Ansible deployments. Not all communication between all services is currently encrypted. For more details on what traffic is encrypted, and how to configure SSL certificates, refer to the documentation section titled Securing services with SSL certificates.

Host security hardening

Deployers can apply security hardening to OpenStack infrastructure and compute hosts using the openstack-ansible-security role. The purpose of the role is to apply as many security configurations as possible without disrupting the operation of an OpenStack deployment.

Refer to the documentation on security_hardening for more information on the role and how to enable it in OpenStack-Ansible.

Least privilege

The principle of least privilege is used throughout OpenStack-Ansible to limit the damage that could be caused if an attacker gained access to a set of credentials.

OpenStack-Ansible configures unique username and password combinations for each service that talks to RabbitMQ and Galera/MariaDB. Each service that connects to RabbitMQ uses a separate virtual host for publishing and consuming messages. The MariaDB users for each service are only granted access to the database(s) that they need to query.