3. Assign the role to a user on a specific project:
   openstack role add --project demo --user user1 read-only
4. Modify policy files to restrict operations for the role:
   vi /etc/keystone/policy.json
   Update policies:
   "identity:list_users": "role:admin or role:read-only"
5. Restart Keystone to apply changes:
   systemctl restart openstack-keystone

To protect the OpenStack Horizon dashboard, you need to enable TLS encryption for secure web access. How would you configure HTTPS for the OpenStack dashboard?
   systemctl restart httpd
   systemctl restart openstack-dashboard
5. Verify HTTPS access by visiting the dashboard:
   https://<controller-ip>/dashboard

To ensure OpenStack nodes remain secure, you need to set up automatic security patching. How would you configure OpenStack nodes to receive and apply security updates automatically?
Explanation:
1. Install the OpenStack audit middleware package:
   yum install -y openstack-keystone-audit
2. Enable audit middleware in Keystone configuration:
   vi /etc/keystone/keystone.conf
   Add the following under [middleware]:
   [filter:audit]
   use = egg:keystonemiddleware#audit
3. Restart Keystone to enable audit logging:
   systemctl restart openstack-keystone
4. Check audit logs for recorded security events:
   cat /var/log/keystone/keystone-audit.log

To integrate an Identity Management (IdM) back-end with OpenStack Keystone, you need to configure LDAP authentication for user management. How would you set up Keystone to use an external LDAP directory?
3. Configure LDAP connection settings:
   vi /etc/keystone/keystone.conf
   Update [ldap] section:
   url = ldap://ldap.example.com
   user = cn=admin,dc=example,dc=com
   password = your_password
   suffix = dc=example,dc=com
   user_tree_dn = ou=Users,dc=example,dc=com
   user_objectclass = inetOrgPerson
4. Restart Keystone to apply changes:
   systemctl restart openstack-keystone
5. Verify LDAP users in OpenStack:
   openstack user list

To ensure OpenStack services have scoped access to specific projects, you need to define domain-scoped and project-scoped access. How would you enforce scoped service access?
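The [ldap] settings in step 3 of the LDAP procedure above point Keystone at a cleartext ldap:// URL, so the bind password and user credentials cross the network unencrypted. The following check is an added example, not part of the original page: it audits a keystone.conf [ldap] section for transport security. The function name audit_ldap_section is hypothetical, the CA bundle path is a placeholder, and use_tls, tls_req_cert and tls_cacertfile are Keystone [ldap] options that the page itself does not show.

```python
import configparser

# Constructed sample: the [ldap] section exactly as given in step 3 above.
PAGE_CONF = """
[ldap]
url = ldap://ldap.example.com
user = cn=admin,dc=example,dc=com
password = your_password
suffix = dc=example,dc=com
user_tree_dn = ou=Users,dc=example,dc=com
user_objectclass = inetOrgPerson
"""

# Constructed hardened variant; the CA bundle path is a placeholder.
HARDENED_CONF = PAGE_CONF.replace(
    "url = ldap://ldap.example.com",
    "url = ldaps://ldap.example.com\n"
    "tls_cacertfile = /etc/pki/tls/certs/PLACEHOLDER-ca.pem\n"
    "tls_req_cert = demand",
)


def audit_ldap_section(conf_text):
    """Return transport-security findings for a keystone.conf [ldap] section."""
    cp = configparser.ConfigParser(interpolation=None)  # passwords may contain '%'
    cp.read_string(conf_text)
    if not cp.has_section("ldap"):
        return ["no [ldap] section found"]
    ldap = cp["ldap"]
    findings = []
    # Keystone accepts a comma-separated list of LDAP URLs.
    urls = [u.strip() for u in ldap.get("url", "").split(",") if u.strip()]
    use_tls = ldap.getboolean("use_tls", fallback=False)  # StartTLS on ldap://
    for url in urls:
        scheme = url.split("://", 1)[0].lower()
        if scheme == "ldap" and not use_tls:
            findings.append(f"{url}: cleartext LDAP, credentials sent unencrypted")
        if scheme == "ldaps" and use_tls:
            findings.append(f"{url}: ldaps:// combined with use_tls; pick one")
    encrypted = use_tls or any(u.lower().startswith("ldaps://") for u in urls)
    if encrypted and ldap.get("tls_req_cert", "demand").strip().lower() != "demand":
        findings.append("tls_req_cert is not 'demand': server cert not strictly verified")
    return findings


if __name__ == "__main__":
    for name, text in (("page config", PAGE_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_ldap_section(text) or "no findings")
```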
   openstack role add --project SecureProject --user secureuser member
5. Verify that scoped access is enforced:
   openstack role assignment list --user secureuser --project SecureProject

You need to configure OpenStack to authenticate users using Kerberos within an IdM environment. How would you integrate Keystone with Kerberos?
➢ TOTAL QUESTIONS: 290

You are responsible for managing the OpenStack control plane and ensuring all core services are running without failure. A user reports that OpenStack Compute (Nova) is not responding. Your task is to check the status of all OpenStack services on the control plane, restart any failed services, and verify that they are running correctly. How would you achieve this?