openstack
/
openstack-ansible-os_nova
Code Issues Proposed changes
Role os_nova for OpenStack-Ansible
1,235 Commits 9 Branches 17 Tags 15 MiB
Jinja 58.2%
Python 28.4%
Shell 13.4%
Go to file
James Gibson 2b8d5a0b88 Enable TLS for VNC from novncproxy to compute hosts 
To secure communications from the proxy server to the compute
nodes using VeNCrypt authentication scheme.

In a previous patch a TLS server certificate was deployed to
compute nodes, this patch makes use of this same server cert for
securing VNC sessions on compute nodes. It is recommended that
this certificate be issued by a dedicated certificate authority
solely for the VNC service, as libvirt does not currently have a
mechanism to restrict what certificates can be presented by the
proxy server. This has not been implemented to reduce complexity.

In addition the noVNC proxy needs to present a client certificate
so only approved VNC proxy servers can connect to the Compute nodes.
The PKI role has been used to create a client certificate for the
nova console nodes.

Related Nova docs:
https://docs.openstack.org/nova/latest/admin/remote-console-access.html

To help with the transition from from unencrypted VNC to VeNCrypt,
initially compute nodes auth scheme allows for both encrypted and
unencrypted sessions using the variable `nova_vencrypt_auth_scheme`, this
will be removed in future releases.

Change-Id: Iafb788f80fd401c6ce6e4576bafd06c92431bd65
 		2021-11-11 14:23:27 +00:00
defaults Enable TLS for VNC from novncproxy to compute hosts 2021-11-11 14:23:27 +00:00
doc Fix linter errors 2020-10-02 07:51:23 +01:00
examples Remove useless code-block tag 2019-09-20 14:24:43 +03:00
files Add ignore_msrs=1 2020-05-06 14:48:02 +00:00
handlers Enable TLS for VNC from novncproxy to compute hosts 2021-11-11 14:23:27 +00:00
meta Remove references to unsupported operating systems 2021-03-10 12:16:39 +00:00
releasenotes Enable TLS for VNC from novncproxy to compute hosts 2021-11-11 14:23:27 +00:00
tasks Enable TLS for VNC from novncproxy to compute hosts 2021-11-11 14:23:27 +00:00
templates Enable TLS for VNC from novncproxy to compute hosts 2021-11-11 14:23:27 +00:00
tests Cleanup after repo_build and pip_install retirement 2020-05-12 22:40:19 +03:00
vars Add libcapstone4 pinning from backports 2021-05-25 10:27:51 +03:00
zuul.d Replace linters test with integarted one 2021-05-25 19:56:18 +03:00
.gitignore Updated from OpenStack Ansible Tests 2019-08-20 03:06:37 +00:00
.gitreview OpenDev Migration Patch 2019-04-19 19:49:15 +00:00
CONTRIBUTING.rst [ussuri][goal] Update contributor documentation 2020-05-12 22:38:49 +03:00
LICENSE Implement base configuration for independent repository 2016-03-02 00:07:37 +00:00
README.rst Replace git.openstack.org URLs with opendev.org URLs 2019-05-06 19:25:48 +08:00
Vagrantfile Updated from OpenStack Ansible Tests 2021-03-22 08:48:20 +00:00
bindep.txt Updated from OpenStack Ansible Tests 2021-03-12 22:20:28 +00:00
manual-test.rc Use centralised test scripts 2016-09-28 10:27:39 +01:00
run_tests.sh Updated from OpenStack Ansible Tests 2021-03-12 22:20:28 +00:00
setup.cfg setup.cfg: Replace dashes with underscores 2021-04-30 14:08:20 +08:00
setup.py Cleanup py27 support 2020-04-14 16:42:34 +08:00
tox.ini Changed minversion in tox to 3.18.0 2021-07-03 21:12:28 +08:00

README.rst

Team and repository tags

image

OpenStack-Ansible nova

Ansible role that installs and configures OpenStack nova and all of its corresponding services.

This role will install the following:
  • nova-api
  • nova-conductor
  • nova-scheduler
  • nova-console
  • nova-compute

Documentation for the project can be found at: https://docs.openstack.org/openstack-ansible-os_nova/latest/

Release notes for the project can be found at: https://docs.openstack.org/releasenotes/openstack-ansible-os_nova/

The project source code repository is located at: https://opendev.org/openstack/openstack-ansible-os_nova/

The project home is at: https://launchpad.net/openstack-ansible

The project bug tracker is located at: https://bugs.launchpad.net/openstack-ansible