[openstack-dev] [Blazar] Design question regarding use of trusts for physical reservation

Pierre Riteau priteau at uchicago.edu
Thu Feb 9 11:39:35 UTC 2017


Hello,

When Blazar was migrated to use trusts for physical host reservation (https://review.openstack.org/#/c/84158/), it required Blazar users to be able to manage host aggregates (which is not allowed by default Nova policies).
I believe that is not a good approach because it would allow them to take nodes out of the freepool, completely bypassing Blazar and of course causing problems with the system.
I explained the problem in more details in this bug report: https://bugs.launchpad.net/blazar/+bug/1663204

It seems to me that Blazar still needs an account with admin privileges to perform some actions on behalf of non-admin users.
Was there another alternative that was planned by the Blazar team at the time that I overlooked?

Thanks,
Pierre

PS: I realise this is about code written almost 3 years ago, so I understand if details are very fuzzy at this point…




More information about the OpenStack-dev mailing list