Document URL: https://access.redhat.com/documentation/en/red-hat-cloudforms/4.1/managing-providers/#adding_openstack_providers

Section Number and Name: 3.1.1.8 Adding OpenStack Providers: events

Describe the issue: The OSP cloud provider supports AMQP, but currently requires privileged access. My security standards prevent me from giving carte blanche access to my OSP overcloud environment. Can you please enumerate the permissions required by CFME so that I can use least privilege when creating the AMQP user for CFME in my OSP overcloud environment?

Suggestions for improvement: Add a section indicating required roles for the ceilometer user in the OSP provider.

Additional information:
Hi! Are we talking about AMQP access or ceilometer access? The latter should be 'automatic' if you follow the setup steps. The former... well, we added ceilometer support because the OSP folks explicitly told us not to depend upon AMQP for OSP8 and above. They don't have any supported configuration which allows CloudForms to use AMQP and get the information it needs.
Thank you for raising this bug. After further discussion with the program team, we have been given the advice not to document specific permissions for service accounts at this time based on the following article - http://cloudformsblog.redhat.com/2017/08/16/security-management-operations/ As such, I will be closing this bug for now, but we can re-investigate this request again in the future if required.