[openstack-dev] [trove] confused about trove-guestagent need nova's auth info
dmakogon at mirantis.com
Sun Jan 11 09:25:58 UTC 2015
Hello to all.
On Sunday, January 11, 2015, Mark Kirkwood <mark.kirkwood at catalyst.net.nz>
> On 18/12/14 14:30, 乔建 wrote:
>> When using trove, we need to configure nova’s user information in the
>> configuration file of trove-guestagent, such as
>> Is it necessary? In a public cloud environment, It will lead to serious
>> security risks.
>> I traced the code, and noticed that the auth data mentioned above is
>> packaged in a context object, then passed to the trove-conductor via
>> message queue.
>> Is it more suitable for trove-conductor to get the corresponding
>> information from its own conf file?
Guest agent doesn't need configuration options described above. IIRC, only
taskmanager needs them.
About passing auth data. What are those benefits of changing the way in
which auth data is shipped? If you still think of security risks - you may
use SSL protocol that is available in most of messaging services.
> Yes - all good points. Experimenting with devstack Juno branch, it seems
> you can happily remove these three settings.
> However the guest agent does seem to need the rabbit host and password,
> which is probably undesirable for the same reasons that you mentioned above.
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev