[openstack-dev] [Sahara] Questions about how Sahara use trust ?

michael mccune msm at redhat.com
Mon Jul 13 21:24:53 UTC 2015

On 07/12/2015 09:45 PM, Li, Chen wrote:
> Hi Andrew,
> Thanks for the reply.
> Are you mean :
> 1.       admin user is used by transient cluster is mainly to make it work.
> 2.       The proxy user is the more secure  way to do the same thing.
> Should we use proxy user at all situation then ? Should this be a bp or just a bug ?
> Thanks.
> -chen

hi chen,

i think the trusts for the transient clusters serve a different purpose 
than those for the swift access.

in the case of the swift proxy users, this is a security enhancement for 
us because in order for hadoop jobs to access swift they must use a set 
of credentials that are written to the workflow properties for the job.

for example, for hadoop-swift.jar to access swift it must have values for:


we wanted to avoid having the user enter their name and password into 
the data source dialog, storing those values in our database, and then 
having those values written out to a file on the nodes. to get around 
this, we created the proxy user whose permissions are limited to the 
trust and their accounts will expire when the job is finished. in this 
manner, we limit the vulnerable information that is stored on the nodes.

i hope that makes sense, but please ask more if it does not =)


More information about the OpenStack-dev mailing list