diff --git a/doc/install-guide/ch_basic_environment.xml b/doc/install-guide/ch_basic_environment.xml
index 6c691703b9..1ef11d8eb9 100644
--- a/doc/install-guide/ch_basic_environment.xml
+++ b/doc/install-guide/ch_basic_environment.xml
@@ -40,7 +40,7 @@
-
+
diff --git a/doc/install-guide/section_basics-passwords.xml b/doc/install-guide/section_basics-security.xml
similarity index 65%
rename from doc/install-guide/section_basics-passwords.xml
rename to doc/install-guide/section_basics-security.xml
index b01e0cbeff..06d5778c0d 100644
--- a/doc/install-guide/section_basics-passwords.xml
+++ b/doc/install-guide/section_basics-security.xml
@@ -3,27 +3,24 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
version="5.0"
- xml:id="basics-passwords">
+ xml:id="basics-security">
-
Passwords
- The various OpenStack services and the required software like the
- database and the messaging server have to be password protected. You use
- these passwords when configuring a service and then again to access the
- service. You have to choose a password while configuring the
- service and later remember to use the same password when accessing it.
- Optionally, you can generate random passwords with the
- pwgen program. Or, to create passwords one at a
- time, use the output of this command repeatedly:
- $openssl rand -hex 10
-
- This guide uses the convention that
- SERVICE_PASS is
- the password to access the service SERVICE and
- SERVICE_DBPASS is
- the database password used by the service SERVICE to access the
- database.
-
- The complete list of passwords you need to define in this guide are:
+ Security
+ OpenStack services support various security methods including
+ password, policy, and encryption. Additionally, supporting services
+ including the database server and message broker support at least
+ password security.
+ To ease the installation process, this guide only covers password
+ security where applicable. You can create secure passwords manually,
+ generate them using a tool such as pwgen, or
+ by running the following command:
+ $openssl rand -hex 10
+ For OpenStack services, this guide uses
+ SERVICE_PASS to reference service account
+ passwords and SERVICE_DBPASS to reference
+ database passwords.
+ The following table provides a list of services that require
+ passwords and their associated references in the guide:
Passwords
@@ -37,7 +34,7 @@
Database password (no variable used)
Root password for the database
-
+
RABBIT_PASS
Password of user guest of RabbitMQ
@@ -116,4 +113,17 @@
+ OpenStack and supporting services require administrative privileges
+ during installation and operation. In some cases, services perform
+ modifications to the host that can interfere with deployment automation
+ tools such as Ansible, Chef, and Puppet. For example, some OpenStack
+ services add a root wrapper to sudo that can interfere
+ with security policies. See the
+ Cloud Administrator Guide
+ for more information. Also, the Networking service assumes default values
+ for kernel network parameters and modifies firewall rules. To avoid most
+ issues during your initial installation, we recommend using a stock
+ deployment of a supported distribution on your hosts. However, if you
+ choose to automate deployment of your hosts, review the configuration
+ and policies applied to them before proceeding further.