Open Stack

> -----Original Message-----
> From: Julien Danjou [mailto:julien at danjou.info]
> Sent: Monday, November 12, 2012 5:25 PM
> To: OpenStack Development Mailing List
> Subject: Re: [openstack-dev] [ceilometer] Could we use admin privilege in
> compute node?
> 
> On Sun, Nov 11 2012, Jiang, Yunhong wrote:
> 
> > 	I'm not sure if my concerns make sense and hope get some feedback
> > from the list. If yes, I plan to cook patches for followed changes:
> > 	a) Update that nova side, so that if "all_tenants" is passed, and
> > policy.jason support the role's compute.get_all access, will return all
> > instances. Not depends on admin privilege.
> > 	b) Update ceilometer, with two options for os_usename/os_password.
> 
> Yes, that makes sense security wise.

Thanks and I will cook patches for it tomorrow.

> 
> > 	BTW, I noticed os-username in ./ceilometer/service.py and
> > os_username in./ceilometer/nova_client.py, is it a typo, or it will work in
> > the cfg environment? I have no test environment at hand, and can't test it.
> 
> No it's OK, variable names can't have a - in it in Python, that's why we
> use both, but they're mapped to the same thing in both cases.

Thanks for sharing this.

--jyh
> 
> --
> Julien Danjou
> ;; Free Software hacker & freelance
> ;; http://julien.danjou.info