[openstack-dev] [ceilometer] Could we use admin privilege in compute node?

Julien Danjou julien at danjou.info
Mon Nov 12 09:25:13 UTC 2012


On Sun, Nov 11 2012, Jiang, Yunhong wrote:

> 	I'm not sure if my concerns make sense and hope get some feedback
> from the list. If yes, I plan to cook patches for followed changes:
> 	a) Update that nova side, so that if "all_tenants" is passed, and
> policy.jason support the role's compute.get_all access, will return all
> instances. Not depends on admin privilege.
> 	b) Update ceilometer, with two options for os_usename/os_password. 

Yes, that makes sense security wise.

> 	BTW, I noticed os-username in ./ceilometer/service.py and
> os_username in./ceilometer/nova_client.py, is it a typo, or it will work in
> the cfg environment? I have no test environment at hand, and can't test it.

No it's OK, variable names can't have a - in it in Python, that's why we
use both, but they're mapped to the same thing in both cases.

-- 
Julien Danjou
;; Free Software hacker & freelance
;; http://julien.danjou.info
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121112/a56446c4/attachment.pgp>


More information about the OpenStack-dev mailing list