
Ozznotes


This is a blog with random OpenStack and Linux related notes so I don't forget things. If you find something inaccurate or that could be fixed, please file a bug report here.


  1. Run ansible playbook on TripleO nodes

    Running an ansible playbook on TripleO nodes is fairly simple thanks to the work done by the folks working on tripleo-validations. There’s no need to manually maintain an inventory file with all the nodes as there is already a dynamic inventory script set up for us. …


  2. Using FreeIPA as an LDAP domain backend for keystone in TripleO

    Configuring FreeIPA to be the backend of a keystone domain is pretty simple nowadays with recent additions to TripleO. …


  3. Testing TLS with Nova live migration

    As part of the TLS everywhere work, I’ve been working on getting Nova’s live migration to work with TLS as well. This requires setting up libvirt’s remote transport URL to use TLS. Thankfully, libvirt’s documentation is actually pretty good, which helps in understanding this. …


  4. Testing containerized OpenStack services with kolla

    Note that the following instructions are for Fedora 25 as that’s what I’m currently running. …


  5. Deploying a containerized overcloud

    Deploying a containerized overcloud is a matter of adding the environments/docker.yaml environment to the overcloud deployment. …


  6. Deploying a TLS everywhere environment with oooq and an existing FreeIPA server

    As an attempt to make the “TLS everywhere” bits more usable and easier for people to try out, I added the deployment steps to tripleo-quickstart. …


  7. Changing the SSL cypher and rules for TripleO's HAProxy

    To change the SSL cipher and TLS rules for TripleO’s HAProxy, one needs to set up the following attributes for the haproxy.pp manifest in puppet-tripleo: …


  8. Testing out the TLS everywhere patches for TripleO

    With the TLS-everywhere (powered by certmonger) patches accumulating in gerrit, it’s probably a good idea to write down how I set up my development environment so others can do the same and try it out. …


  9. How is TLS powered by certmonger being done

    I’ve been working on trying to get TLS everywhere for TripleO. While not everything has merged into the project yet, this is an overview of how things are being done, which I hope helps reviewers have an easier time checking it out, and helps me sanity-check the approach. …


  10. Porting Glance to run over Apache HTTPd

    In the quest to get TLS everywhere in TripleO, with a bunch of work-in-progress patches I got the services running over httpd to use TLS for the internal network. Now the question is, what do we do with the rest of the services? Not many people want to run their crypto in Python, so we need to figure out something else. There are two options: run a proxy in front of the service, or port that service to run over httpd (for which we would already have patches to enable TLS). So I opted for the second option. …