[Openstack] Securing privileged access to a swift storage

Axel Christiansen axel at hardreset.de
Tue Oct 15 14:38:09 UTC 2013

Hello List.

I can imagine this has been asked before. But a search engine or the
archives did not deliver what I am looking for easily.

We have a swift-cluster running, with some storage-nodes, swift-proxies
and a keystone identity service.

The proxies do forward anything from the outside to the swift-proxies or
the keystone-server, as needed. This happens via http or https.

     from outside
       /    \
  https via  \
   pound     |
      \      |
      http via
          |   \
          |   keystone
          |   /
    / |  |  |  \
   /            \

It is considered a security risk to allow anyone privileged to use
keystone over a clear-text connection like http from the internet.

What would be best practice for preventing storage and openstack admins
from using the storage over insecure public lines?

Thanks a lot.


