[openstack-dev] [ceilometer] Could we use admin privilege in compute node?
Doug Hellmann
doug.hellmann at dreamhost.com
Tue Nov 13 16:06:03 UTC 2012
On Mon, Nov 12, 2012 at 4:25 AM, Julien Danjou <julien at danjou.info> wrote:
> On Sun, Nov 11 2012, Jiang, Yunhong wrote:
>
> > I'm not sure if my concerns make sense and hope get some feedback
> > from the list. If yes, I plan to cook patches for followed changes:
> > a) Update that nova side, so that if "all_tenants" is passed, and
> > policy.jason support the role's compute.get_all access, will return all
> > instances. Not depends on admin privilege.
>
That would be good.
> > b) Update ceilometer, with two options for os_usename/os_password.
>
> Yes, that makes sense security wise.
>
Do we actually need separate options? The configuration file for a compute
node will be separate from the configuration file for the central nodes. We
could use the same option and just fill in different values.
>
> > BTW, I noticed os-username in ./ceilometer/service.py and
> > os_username in./ceilometer/nova_client.py, is it a typo, or it will work
> in
> > the cfg environment? I have no test environment at hand, and can't test
> it.
>
> No it's OK, variable names can't have a - in it in Python, that's why we
> use both, but they're mapped to the same thing in both cases.
>
> --
> Julien Danjou
> ;; Free Software hacker & freelance
> ;; http://julien.danjou.info
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121113/adaecb54/attachment.html>
More information about the OpenStack-dev
mailing list