[openstack-dev] [trove] confused about trove-guestagent need nova's auth info

Mark Kirkwood mark.kirkwood at catalyst.net.nz
Sun Jan 11 09:10:07 UTC 2015

On 18/12/14 14:30, 乔建 wrote:
> When using trove, we need to configure nova’s user information in the
> configuration file of trove-guestagent, such as
> lnova_proxy_admin_user
> lnova_proxy_admin_pass
> lnova_proxy_admin_tenant_name
> Is it necessary? In a public cloud environment, It will lead to serious
> security risks.
> I traced the code, and noticed that the auth data mentioned above is
> packaged in a context object, then passed to the trove-conductor via
> message queue.
> Is it more suitable for trove-conductor to get the corresponding
> information from its own conf file?

Yes - all good points. Experimenting with devstack Juno branch, it seems 
you can happily remove these three settings.

However the guest agent does seem to need the rabbit host and password, 
which is probably undesirable for the same reasons that you mentioned above.



More information about the OpenStack-dev mailing list