Use standard CLI options & env vars for creds.
For consistency with the standard openstack CLIs, we use the same set of config/command line/env var options to provide credentials for the glance pollster's interaction with the glance-registry. (The exception here is the ability to pass in a previously acquired authentication token via --os-auth-token/OS_AUTH_TOKEN, as this would not make sense for a long-lived service given the limited lifetime of keystone tokens.) As well as having the advantage of familiarity, this approach allows users to avoid encoding sensitive credentials in config files (instead environment variables or command line options may be used). Also, if future non-glance pollsters need authenticated access to other openstack services, more generic naming of the config options would be preferable. Change-Id: I7505c3f668262951c034f36ccd15ce706f06bf0f
This commit is contained in:
Eoghan Glynn
parent
50da744ed5
commit
70c73dbf9a
@ -38,21 +38,6 @@ cfg.CONF.register_opts(
|
|||||||
cfg.IntOpt('glance_registry_port',
|
cfg.IntOpt('glance_registry_port',
|
||||||
default=9191,
|
default=9191,
|
||||||
help="URL of Glance API server"),
|
help="URL of Glance API server"),
|
||||||
cfg.StrOpt('glance_username',
|
|
||||||
default="glance",
|
|
||||||
help="Username to use for Glance access"),
|
|
||||||
cfg.StrOpt('glance_password',
|
|
||||||
default="admin",
|
|
||||||
help="Password to use for Glance access"),
|
|
||||||
cfg.StrOpt('glance_tenant_id',
|
|
||||||
default="",
|
|
||||||
help="Tenant ID to use for Glance access"),
|
|
||||||
cfg.StrOpt('glance_tenant_name',
|
|
||||||
default="admin",
|
|
||||||
help="Tenant name to use for Glance access"),
|
|
||||||
cfg.StrOpt('glance_auth_url',
|
|
||||||
default="http://localhost:5000/v2.0",
|
|
||||||
help="Auth URL to use for Glance access"),
|
|
||||||
])
|
])
|
||||||
|
|
||||||
|
|
||||||
@ -60,11 +45,11 @@ class _Base(plugin.PollsterBase):
|
|||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_registry_client():
|
def get_registry_client():
|
||||||
k = ksclient.Client(username=cfg.CONF.glance_username,
|
k = ksclient.Client(username=cfg.CONF.os_username,
|
||||||
password=cfg.CONF.glance_password,
|
password=cfg.CONF.os_password,
|
||||||
tenant_id=cfg.CONF.glance_tenant_id,
|
tenant_id=cfg.CONF.os_tenant_id,
|
||||||
tenant_name=cfg.CONF.glance_tenant_name,
|
tenant_name=cfg.CONF.os_tenant_name,
|
||||||
auth_url=cfg.CONF.glance_auth_url)
|
auth_url=cfg.CONF.os_auth_url)
|
||||||
return client.RegistryClient(cfg.CONF.glance_registry_host,
|
return client.RegistryClient(cfg.CONF.glance_registry_host,
|
||||||
cfg.CONF.glance_registry_port,
|
cfg.CONF.glance_registry_port,
|
||||||
auth_tok=k.auth_token)
|
auth_tok=k.auth_token)
|
||||||
|
|||||||
@ -17,6 +17,8 @@
|
|||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
import os
|
||||||
|
|
||||||
from nova import flags
|
from nova import flags
|
||||||
|
|
||||||
from ceilometer.openstack.common import log
|
from ceilometer.openstack.common import log
|
||||||
@ -28,6 +30,32 @@ cfg.CONF.register_opts([
|
|||||||
help='seconds between running periodic tasks')
|
help='seconds between running periodic tasks')
|
||||||
])
|
])
|
||||||
|
|
||||||
|
CLI_OPTIONS = [
|
||||||
|
cfg.StrOpt('os-username',
|
||||||
|
default=os.environ.get('OS_USERNAME', 'glance'),
|
||||||
|
help='Username to use for openstack service access'),
|
||||||
|
cfg.StrOpt('os-password',
|
||||||
|
default=os.environ.get('OS_PASSWORD', 'admin'),
|
||||||
|
help='Password to use for openstack service access'),
|
||||||
|
cfg.StrOpt('os-tenant-id',
|
||||||
|
default=os.environ.get('OS_TENANT_ID', ''),
|
||||||
|
help='Tenant ID to use for openstack service access'),
|
||||||
|
cfg.StrOpt('os-tenant-name',
|
||||||
|
default=os.environ.get('OS_TENANT_NAME', 'admin'),
|
||||||
|
help='Tenant name to use for openstack service access'),
|
||||||
|
cfg.StrOpt('os-auth-url',
|
||||||
|
default=os.environ.get('OS_AUTH_URL',
|
||||||
|
'http://localhost:5000/v2.0'),
|
||||||
|
help='Auth URL to use for openstack service access'),
|
||||||
|
]
|
||||||
|
cfg.CONF.register_cli_opts(CLI_OPTIONS)
|
||||||
|
|
||||||
|
|
||||||
|
def _sanitize_cmd_line(argv):
|
||||||
|
"""Remove non-nova CLI options from argv."""
|
||||||
|
cli_opt_names = ['--%s' % o.name for o in CLI_OPTIONS]
|
||||||
|
return [a for a in argv if a in cli_opt_names]
|
||||||
|
|
||||||
|
|
||||||
def prepare_service(argv=[]):
|
def prepare_service(argv=[]):
|
||||||
cfg.CONF(argv[1:])
|
cfg.CONF(argv[1:])
|
||||||
@ -35,5 +63,5 @@ def prepare_service(argv=[]):
|
|||||||
# to have the RPC and DB access work correctly because we are
|
# to have the RPC and DB access work correctly because we are
|
||||||
# still using the Service object out of nova directly. We need to
|
# still using the Service object out of nova directly. We need to
|
||||||
# move that into openstack.common.
|
# move that into openstack.common.
|
||||||
flags.parse_args(argv)
|
flags.parse_args(_sanitize_cmd_line(argv))
|
||||||
log.setup('ceilometer')
|
log.setup('ceilometer')
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user