There is not enough documentation regarding to MOS cluster security and Fuel node security.
This basic documentation on IT security should cover at least topics related to:
- network security / firewall considerations and TCP/UDP ports used by MOS services, MOS API's and other components required for proper MOS cluster operations
- guidance on securing API endpoints, some short guidance on securing API communications by applying SSL/TLS encryption using self-signed certificates
- guidance on working with external X.509 Certificate Authorities and X.509 certificates signed externally
This security guidance should be present in the following locations:
1). http://docs.mirantis.com/openstack/
2). It should be distributed with the installation ISO and available on the Fuel on-line help, during MOS cluster deployment and MOS cluster operations