8ad37b254d
In the past couple of weeks a number of security patches have been made to openstack-ansible, this patch documents these changes. Hopefully the level of the documentation gives the users enough background on what the changes are and how to use them, without going into the detailed specifics of each feature. Regarding the upgrade to TLS for haproxy internal VIP and backends in existing deployments, I have some ideas on how this could be done without causing downtime but have not had chance to test this yet. The idea is to use a TCP frontend that accepts both HTTP and HTTPS traffic and redirects to correct frontend for each. Change-Id: Idc7b1c8908b150eaaf12980612083d31d3a5b669
384 B
384 B
Security settings
This chapter contains information to configure specific security settings for your OpenStack-Ansible cloud.
For understanding security design, please see security-design.