Security — Installation Guide documentation
Toggle navigation
Search
Software
Overview
OpenStack Components
SDKs
Deployment Tools
OpenStack Map
Sample Configs
Use Cases
Users in Production
Ironic Bare Metal
Edge Computing
Telecom & NFV
Science and HPC
Containers
Enterprise
User Survey
Events
Open Infrastructure Summits
Project Teams Gathering
OpenDev
Community Events
OpenStack & OpenInfra Days
Summit Videos
Community
Welcome! Start Here
OpenStack Technical Committee
Speakers Bureau
OpenStack Wiki
Get Certified (COA)
Jobs
Marketing Resources
Community News
Superuser Magazine
OpenInfra Foundation Supporting Organizations
Open Infrastructure Foundation (OpenInfra Foundation)
Marketplace
Training
Distros & Appliances
Public Clouds
Hosted Private Clouds
Remotely Managed Private Clouds
Consulting & Integrators
Drivers
Blog
Docs
Join
Sign up for Foundation Membership
Sponsor the Foundation
More about the Foundation
Log In
Security
Security¶
OpenStack services support various security methods including password,
policy, and encryption. Additionally, supporting services including the
database server and message broker support password security.
To ease the installation process, this guide only covers password
security where applicable. You can create secure passwords manually,
but the database connection string in services configuration file
cannot accept special characters like “@”. We recommend you generate
them using a tool such as
pwgen, or by running the
following command:
$ openssl rand -hex 10
For OpenStack services, this guide uses SERVICE_PASS to reference
service account passwords and SERVICE_DBPASS to reference database
passwords.
The following table provides a list of services that require passwords
and their associated references in the guide.
Passwords¶
Password name
Description
Database password (no variable used)
Root password for the database
ADMIN_PASS
Password of user admin
CINDER_DBPASS
Database password for the Block Storage service
CINDER_PASS
Password of Block Storage service user cinder
DASH_DBPASS
Database password for the Dashboard
DEMO_PASS
Password of user demo
GLANCE_DBPASS
Database password for Image service
GLANCE_PASS
Password of Image service user glance
KEYSTONE_DBPASS
Database password of Identity service
METADATA_SECRET
Secret for the metadata proxy
NEUTRON_DBPASS
Database password for the Networking service
NEUTRON_PASS
Password of Networking service user neutron
NOVA_DBPASS
Database password for Compute service
NOVA_PASS
Password of Compute service user nova
PLACEMENT_PASS
Password of the Placement service user placement
RABBIT_PASS
Password of RabbitMQ user openstack
OpenStack and supporting services require administrative privileges
during installation and operation. In some cases, services perform
modifications to the host that can interfere with deployment automation
tools such as Ansible, Chef, and Puppet. For example, some OpenStack
services add a root wrapper to sudo that can interfere with security
policies. See the
Compute service documentation for Pike,
the
Compute service documentation for Queens,
or the
Compute service documentation for Rocky
for more information.
The Networking service assumes default values for kernel network
parameters and modifies firewall rules. To avoid most issues during your
initial installation, we recommend using a stock deployment of a supported
distribution on your hosts. However, if you choose to automate deployment
of your hosts, review the configuration and policies applied to them before
proceeding further.
this page last updated: 2022-12-06 14:42:11
Except where otherwise noted, this document is licensed under
Creative Commons
Attribution 3.0 License. See all
OpenStack Legal Documents.
found an error? report a bug
OpenStack Documentation
Guides
Install Guides
User Guides
Configuration Guides
Operations and Administration Guides
API Guides
Contributor Guides
Languages
Deutsch (German)
Français (French)
Bahasa Indonesia (Indonesian)
Italiano (Italian)
日本語 (Japanese)
한국어 (Korean)
Português (Portuguese)
Türkçe (Türkiye)
简体中文 (Simplified Chinese)
Installation Guide
Conventions
Preface
Get started with OpenStack
Overview
Environment
Security
Host networking
Network Time Protocol (NTP)
OpenStack packages
SQL database
Message queue
Memcached
Etcd
Install OpenStack services
Launch an instance
Firewalls and default ports
Appendix
OpenStack
Projects
OpenStack Security
Common Questions
Blogg
News
Community
User Groups
Events
Jobs
Companies
Contribute
Documentation
OpenStack Manuals
Getting Started
API Documentation
Wiki
Branding & Legal
Logos & Guidelines
Trademark Policy
Privacy Policy
OpenStack CLA
Stay In Touch
The OpenStack project is provided under the
Apache 2.0 license. Openstack.org is powered by
Rackspace Cloud Computing.