[openstack-dev] [trove] confused about trove-guestagent need nova's auth info
Mark Kirkwood
mark.kirkwood at catalyst.net.nz
Sun Jan 11 09:10:07 UTC 2015
On 18/12/14 14:30, 乔建 wrote:
> When using trove, we need to configure nova’s user information in the
> configuration file of trove-guestagent, such as
>
> lnova_proxy_admin_user
>
> lnova_proxy_admin_pass
>
> lnova_proxy_admin_tenant_name
>
> Is it necessary? In a public cloud environment, It will lead to serious
> security risks.
>
> I traced the code, and noticed that the auth data mentioned above is
> packaged in a context object, then passed to the trove-conductor via
> message queue.
>
> Is it more suitable for trove-conductor to get the corresponding
> information from its own conf file?
>
Yes - all good points. Experimenting with devstack Juno branch, it seems
you can happily remove these three settings.
However the guest agent does seem to need the rabbit host and password,
which is probably undesirable for the same reasons that you mentioned above.
Regards
Mark
More information about the OpenStack-dev
mailing list