Hello all, I think The current configuration model for OpenStack auth behaves quite inconsistently, so I would like some feedback about how to proceed after release 1.3.
There are (potentially) three sources of authentication information for the OpenStack driver: 1. ElastiCluster's configuration file 2. Environmental variables (e.g., `OS_USERNAME`, `OS_PASSWORD`) 3. os-client-config's `cloud.yml` and `secure.yml` files (not currently supported by ElastiCluster) Each of them has downsides: * For 1.: Credentials are written in the file in plaintext, intermixed with other public configuration data; can easily happen that they are posted as part of a bug report or by sharing an example config or that the file is not adequately protected (an issue on shared computers). * For 2.: Credentials are stored in the environment in plaintext (but at least they go away with the process), no danger of accidentally posting as part of a bug report. * For 3.: The YAML config file cannot (yet) be downloaded from the Horizon web interface (see [1], as opposed to e.g. just downloading the `openrc` environment file) so one has to copy+paste the information according to the spec in the instruction manual. I would like to eventually switch to 3. (os-client-config, which will be *the* configuration mechanism for official OpenStack CLI programs) but at present, ElastiCluster uses a "hybrid" approach between 1. and 2.: OpenStack settings (incl. authentication credentials) are read from the configuration file, but then they are overridden by the environment. This allows one to e.g. omit the `password=...` configuration key and instead set the `OS_PASSWORD` env variable as needed. However, this hybrid approach has another downside: it becomes pointless to keep different OpenStack configurations in the config file: as soon as the `openrc` file for a cloud is loaded, it will override the written configuration of *any* OpenStack cloud in ElastiCluster. So I would like to get some feedback: - is there anyone out there actually using multiple OpenStack clouds? (if not, I guess the current system is good enough) - if there is a need to support multiple OpenStack clouds at the same time, would the `os-client-config` method (nr 3. above) be a good way forward? - is the current OpenStack configuration system in ElastiCluster actually hindering anyone? Thanks for any comments! [1]: https://specs.openstack.org/openstack/openstack-specs/specs/clouds-yaml-support.html Ciao, R -- Riccardo Murri / Email: riccardo.mu...@gmail.com / Tel.: +41 77 458 98 32 -- You received this message because you are subscribed to the Google Groups "elasticluster" group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticluster+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
