The Must-Attend

Open Infrastructure Event

The world runs on open infrastructure. At the OpenStack Summit, you’ll learn about the mix of open technologies building the modern infrastructure stack, including OpenStack, Kubernetes, Docker, Ansible, Ceph, OVS, OpenContrail, OPNFV, and more. Whether you are pursuing a private, public or multi-cloud approach, the OpenStack Summit is the place to network, skill up and plan your cloud strategy.

Boston
May 8-11, 2017

The Must-Attend

Open Infrastructure Event

Join the movement behind the most widely deployed open source cloud platform. Whether you are pursuing a private, hybrid or multi-cloud approach, the OpenStack Summit is the place to network, skill up and plan your cloud strategy.

Boston
May 8-11, 2017

Event Details


Fifty Shades of Enrollment: How to use Certmonger to win OpenStack

When securing the Openstack services by deploying them behind TLS, we need to figure out how to automatically obtain and manage the required certificates.  Certmonger has long been used for precisely this purpose, but the instance needs credentials.


This talk will explore how a new Nova micro-service (novajoin) is used to enroll nova instances as FreeIPA clients, which in turn provides the credentials to get certificates for hosts and services. Moreover, we get the abilities to implement centralized host and sudo access controls.


What can I expect to learn?

Attendees will learn how to use novajoin - a new Nova micro-service, to register Nova instances as IPA clients.  This, in turn, will allow you to use certmonger to issue and manage host and service certficates for TLS, and to enforce centralized host and sudo access control.

Monday, May 8, 12:20pm-12:30pm
Level: Beginner
Tags: Nova security
Red Hat
Ade works for Red Hat, and has been involved in Dogtag development (and its integration into FreeIPA) for a number of years now. He has worked to integrate Dogtag and FreeIPA with Openstack, and is a core contributor to the Barbican project. Most recently, he has worked on puppet modules to deploy Barbican in Triple-O and RDO. FULL PROFILE
Red Hat
Rob Crittenden is a Principal Software Engineer at Red Hat working on Security in OpenStack. He previously worked on the FreeIPA identity management project and has dabbled in web servers,SAML2 and general security. FULL PROFILE