Secure etcd service

Registered by Emilien Macchi on 2017-03-23

Etcd service was introduced in Ocata but not really secured (no auth & TLS configuration). We need to harden etcd to be secure for deployment environments.

Blueprint information

Status:
Complete
Approver:
Emilien Macchi
Priority:
High
Drafter:
Emilien Macchi
Direction:
Approved
Assignee:
Feng Pan
Definition:
Approved
Series goal:
Accepted for pike
Implementation:
Implemented
Milestone target:
milestone icon pike-3
Started by
Emilien Macchi on 2017-06-13
Completed by
Emilien Macchi on 2017-07-24

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/secure-etcd,n,z

Addressed by: https://review.openstack.org/454882
    Enable internal network TLS for etcd

Addressed by: https://review.openstack.org/455104
    Enable internal network TLS for etcd

Addressed by: https://review.openstack.org/455316
    etcd: Make HAProxy terminate TLS connections

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.