openstack/openstack-ansible
Code Issues Proposed changes
7ebd4a7914
openstack-ansible/inventory/group_vars
History
Jonathan Rosser 2ec6709eee Add default rate-limits for API endpoints and Horizon authentication 
This patch adds rate limiting for any API call which results in a
4xx response by applying a common stick-table to each HAProxy
backend definition. The stick table can be overridden to allow
customisation of the behaviour.

An additional stick-table is defined for the Horizon endpoint to
enforce a 20-requests-per-10s-per-source-ip sliding window limit
on the horizon /auth path. This provides some protection against
credential stuffing attacks and will generate 429 response codes
to the client and in the HAProxy log. The log could be used by an
alerting system to detect potentially malicious traffic.

The defined rate limit does not include traffic from rfc1918 addresses
and this should be reviewed and overridden as necessary to protect
the external API endpoint.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/848657
Change-Id: I02ed08f9d3d12f7ad2e5dd3a45a699d766933877
2022-07-08 09:43:27 +00:00
..
all Disable service_token requirement by default 2022-06-14 09:32:35 +00:00
haproxy Add default rate-limits for API endpoints and Horizon authentication 2022-07-08 09:43:27 +00:00
all_containers.yml Add Debian Bullseye support 2021-06-03 15:18:40 +00:00
ceilometer_all.yml Cleanup after service variables merged 2021-06-02 08:17:30 +00:00
ceph_all.yml Remove support for Ubuntu Bionic 2021-12-15 13:22:10 +00:00
ceph-rgw.yml Remove references to unsupported operating systems 2022-01-13 19:45:26 +02:00
cinder_all.yml Use cinder defaults for cinder_management_address 2021-10-11 10:53:25 +00:00
cinder_volume.yml Convert lxc2 config keys to lxc3 format 2020-10-07 20:58:43 +00:00
galera_all.yml Remove Centos-7 support 2020-10-16 15:51:59 +00:00
glance_all.yml Cleanup after service variables merged 2021-06-02 08:17:30 +00:00
gnocchi_all.yml Cleanup after service variables merged 2021-06-02 08:17:30 +00:00
heat_all.yml Cleanup after service variables merged 2021-06-02 08:17:30 +00:00
horizon_all.yml Cleanup after service variables merged 2021-06-02 08:17:30 +00:00
hosts.yml Use ansible_facts[] instead of fact variables in group_vars 2021-03-27 11:48:56 +00:00
ironic_compute.yml Move inventory files to folder in root of repo 2017-12-16 02:34:33 -08:00
ironic-compute_hosts.yml Move inventory files to folder in root of repo 2017-12-16 02:34:33 -08:00
keystone_all.yml Cleanup after service variables merged 2021-06-02 08:17:30 +00:00
kvm-compute_hosts.yml Move inventory files to folder in root of repo 2017-12-16 02:34:33 -08:00
masakari-monitor_hosts.yml Add corosync/pacemaker installation 2020-08-21 11:27:29 +00:00
memcached.yml Remove Centos-7 support 2020-10-16 15:51:59 +00:00
network_hosts.yml Move inventory files to folder in root of repo 2017-12-16 02:34:33 -08:00
neutron_agent.yml Convert lxc2 config keys to lxc3 format 2020-10-07 20:58:43 +00:00
neutron_calico_dhcp_agent.yml Add ansible.utils collectoin requirement 2022-03-14 13:48:09 +00:00
nova_all.yml Cleanup after service variables merged 2021-06-02 08:17:30 +00:00
physical_hosts.yml Use a static inventory skeleton 2018-07-25 12:34:58 +00:00
qemu-compute_hosts.yml Move inventory files to folder in root of repo 2017-12-16 02:34:33 -08:00
rabbitmq_all.yml Listen RabbitMQ on all available container networks 2021-04-05 17:50:26 +03:00
repo_all.yml Use glusterfs to synchronise repo server contents 2022-05-12 13:37:36 +00:00
rsyslog.yml Move inventory files to folder in root of repo 2017-12-16 02:34:33 -08:00
swift_all.yml Cleanup after service variables merged 2021-06-02 08:17:30 +00:00
trove_all.yml Cleanup after service variables merged 2021-06-02 08:17:30 +00:00
utility_all.yml Install murano client for distro installs 2022-06-17 06:20:22 +00:00