[Openstack-operators] RFC - Global Request Ids

Kris G. Lindgren klindgren at godaddy.com
Tue May 16 16:21:12 UTC 2017


As long as the request-id is validated that it looks like a guid/request id, I have no problem trusting the input and passing that around.  In fact we want to be able to take request-id inputs on the API, as we have other systems that call into our openstack api’s so if there is an issue it would be nice to be able to use the same request-id between those external systems and openstack.


___________________________________________________________________
Kris Lindgren
Senior Linux Systems Engineer
GoDaddy

On 5/16/17, 10:01 AM, "Sean Dague" <sean at dague.net> wrote:

    After the forum session on logging, we came up with what we think is an
    approach here for global request ids -
    https://review.openstack.org/#/c/464746/ - it would be great of
    interested operators would confirm this solves their concerns.
    
    There is also an open question. A long standing concern was "trusting"
    the request-id, though I don't really know how that could be exploited
    for anything really bad, and this puts in a system for using service
    users as a signal for trust.
    
    But.... the whole system is a lot easier, and comes together quicker, if
    we don't have that. For especially public cloud users, are there any
    concerns that you have in letting users set Request-Id (assuming you'll
    also still have a 2nd request-id that's service local and acts like
    request-id today)?
    
    	-Sean
    
    -- 
    Sean Dague
    http://dague.net
    
    _______________________________________________
    OpenStack-operators mailing list
    OpenStack-operators at lists.openstack.org
    http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
    



More information about the OpenStack-operators mailing list