Boston
May 8-11, 2017

Event Details

Please note: All times listed below are in Central Time Zone


Fifty Shades of Enrollment: How to use Certmonger to win OpenStack

When securing the OpenStack services by deploying them behind TLS, we need to figure out how to automatically obtain and manage the required certificates. Certmonger has long been used for precisely this purpose, but the instance needs credentials.


This talk will explore how a new Nova micro-service (novajoin) is used to enroll Nova instances as FreeIPA clients, which in turn provides the credentials to get certificates for hosts and services. Moreover, we gain the ability to implement centralized host and sudo access controls.


What can I expect to learn?

Attendees will learn how to use novajoin, a new Nova micro-service, to register Nova instances as IPA clients. This, in turn, will allow you to use certmonger to issue and manage host and service certificates for TLS, and to enforce centralized host and sudo access control.

Monday, May 8, 12:20pm-12:30pm (4:20pm - 4:30pm UTC)
Difficulty Level: Beginner
Tags: Nova Security
Red Hat
Ade works for Red Hat, and has been involved in various security and OpenStack projects (Dogtag, FreeIPA, Barbican, TripleO) for several years. He is a former Barbican PTL. Most recently, he's been working on FIPS compliance in OpenStack.
Red Hat
Rob Crittenden is a Principal Software Engineer at Red Hat working on Security in OpenStack. He previously worked on the FreeIPA identity management project and has dabbled in web servers, SAML2 and general security.