[Openstack] Securing privileged access to a swift storage
Axel Christiansen
axel at hardreset.de
Tue Oct 15 14:38:09 UTC 2013
Hello List.
I can imagine this has been asked before. But a search engine or the the
archives did not deliver what i am looking for easily.
We have a swift-cluser running, with some storage-nodes, swift-proxys
and a keystone identity service.
The proxys do forward anything from the outside to the swift-proxys or
the keystone-server, as needed. This happens via http or https.
from outside
/ \
https via \
pound |
\ |
http via
haproxy
| \
| keystone
| /
swift-proxy
/ | | | \
/ \
storage
nodes
It is considered a security risk allowing anyone privileged using
keystone over a clear text connection like http from the internet.
What would be best practice preventing storage- and openstack- admins
using the storage over unsecure public lines.
Thanks a lot.
Axel
More information about the Openstack
mailing list