The Must-Attend

Open Infrastructure Event

The open infrastructure landscape is changing, and so is the Summit. Now that users are integrating dozens of open source tools into a modern stack that reaches well beyond the scope of OpenStack, we’re re-organizing the event to focus on specific problem domains like container infrastructure, edge computing and CI/CD, and we are focusing on the hard work of integrating all of these tools developed in disparate communities. This is the essential work of 2018 and beyond, to ensure that open infrastructure is truly a viable path for operators.

Boston
May 8-11, 2017

Join the movement behind the most widely deployed open source cloud platform. Whether you are pursuing a private, hybrid or multi-cloud approach, the OpenStack Summit is the place to network, skill up and plan your cloud strategy.

Event Details


Fifty Shades of Enrollment: How to use Certmonger to win OpenStack

When securing the OpenStack services by deploying them behind TLS, we need to figure out how to automatically obtain and manage the required certificates. Certmonger has long been used for precisely this purpose, but the instance needs credentials.


This talk will explore how a new Nova micro-service (novajoin) is used to enroll Nova instances as FreeIPA clients, which in turn provides the credentials to get certificates for hosts and services. Moreover, we gain the ability to implement centralized host and sudo access controls.


What can I expect to learn?

Attendees will learn how to use novajoin, a new Nova micro-service, to register Nova instances as IPA clients. This, in turn, will allow you to use certmonger to issue and manage host and service certificates for TLS, and to enforce centralized host and sudo access control.

Monday, May 8, 12:20pm-12:30pm
Level: Beginner
Tags: Nova Security
Red Hat
Ade works for Red Hat, and has been involved in Dogtag development (and its integration into FreeIPA) for a number of years now. He has worked to integrate Dogtag and FreeIPA with OpenStack, and is a core contributor to the Barbican project. Most recently, he has worked on Puppet modules to deploy Barbican in Triple-O and RDO.
Red Hat
Rob Crittenden is a Principal Software Engineer at Red Hat working on Security in OpenStack. He previously worked on the FreeIPA identity management project and has dabbled in web servers, SAML2 and general security.