[openstack-dev] [Sahara] Questions about how Sahara use trust ?
msm at redhat.com
Mon Jul 13 21:24:53 UTC 2015
On 07/12/2015 09:45 PM, Li, Chen wrote:
> Hi Andrew,
> Thanks for the reply.
> Are you mean :
> 1. admin user is used by transient cluster is mainly to make it work.
> 2. The proxy user is the more secure way to do the same thing.
> Should we use proxy user at all situation then ? Should this be a bp or just a bug ?
i think the trusts for the transient clusters serve a different purpose
than those for the swift access.
in the case of the swift proxy users, this is a security enhancement for
us because in order for hadoop jobs to access swift they must use a set
of credentials that are written to the workflow properties for the job.
for example, for hadoop-swift.jar to access swift it must have values for:
we wanted to avoid having the user enter their name and password into
the data source dialog, storing those values in our database, and then
having those values written out to a file on the nodes. to get around
this, we created the proxy user whose permissions are limited to the
trust and their accounts will expire when the job is finished. in this
manner, we limit the vulnerable information that is stored on the nodes.
i hope that makes sense, but please ask more if it does not =)
More information about the OpenStack-dev