Update nova-compute keystone validation
In Ocata, auth_strategy was moved into the [api] namespace, making [api] or [DEFAULT] a valid section to place this option in. Change-Id: I6ec0f4fb0cc24f537defec78bfcdf35147b4ba23
This commit is contained in:
parent
6a64a48682
commit
a4a24e3d0b
|
@ -88,12 +88,22 @@ attacker might gain unauthorized access to the OpenStack components. We
|
|||
strongly recommend that all services must be authenticated with keystone
|
||||
using their service accounts.
|
||||
|
||||
Before Ocata:
|
||||
|
||||
**Pass:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` section
|
||||
in ``/etc/nova/nova.conf`` is set to ``keystone``.
|
||||
|
||||
**Fail:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` section
|
||||
is set to ``noauth`` or ``noauth2``.
|
||||
|
||||
After Ocata:
|
||||
|
||||
**Pass:** If value of parameter ``auth_strategy`` under ``[api]`` or
|
||||
``[DEFAULT]`` section in ``/etc/nova/nova.conf`` is set to ``keystone``.
|
||||
|
||||
**Fail:** If value of parameter ``auth_strategy`` under ``[api]`` or
|
||||
``[DEFAULT]`` section is set to ``noauth`` or ``noauth2``.
|
||||
|
||||
.. _check_compute_04:
|
||||
|
||||
Check-Compute-04: Is secure protocol used for authentication?
|
||||
|
|
Loading…
Reference in New Issue