Hi All, Please help me in understanding below scenario ???
OS::Neutron resources have tenant_id as parameter, so the default authorization settings in keystone will allow administrative users to create resources on behalf of a different project. I mean with an admin token the network can be created in a specific customer/tenant context. Why not the same is provided for OS::Nova::Server ?? I had this requirement for auto-healing/scaling of a VM. I am doing manual scaling based on inputs from monitoring framework instead of ceilometer alarms. I launched my heat stack in a tenant using python-api bindings: >>> tenant_id = 'Tenant-A' >>> heat_url = 'http://heat.example.org:8004/v1/%s' % tenant_id >>> auth_token = 'user-A-in-Tenant-A auth-token' >>> from heatclient.client import Client >>> heat = Client('1', endpoint=heat_url, token=auth_token) If I need to scale VM's belonging to this tenant, can I use tenant_id = 'Tenant-A' and auth_token corresponding to admin Tenant who has role access in Tenant-A. [I am getting an error like User of admin tenant is is unauthorized for tenant-A ] Because through monitoring framework, I can have admin details and no tenant context ?? Is it suggestible to store user-credentials of Tenant-A and re-generate auth-token and work ?? Thanks Eswar
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
