On 18/12/14 14:30, 乔建 wrote:
When using trove, we need to configure nova’s user information in the
configuration file of trove-guestagent, such as
lnova_proxy_admin_user
lnova_proxy_admin_pass
lnova_proxy_admin_tenant_name
Is it necessary? In a public cloud environment, It will lead to serious
security risks.
I traced the code, and noticed that the auth data mentioned above is
packaged in a context object, then passed to the trove-conductor via
message queue.
Is it more suitable for trove-conductor to get the corresponding
information from its own conf file?
Yes - all good points. Experimenting with devstack Juno branch, it seems
you can happily remove these three settings.
However the guest agent does seem to need the rabbit host and password,
which is probably undesirable for the same reasons that you mentioned above.
Regards
Mark
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
