Skip to content
Snippets Groups Projects

Ops accounts

Merged Carmelo Pellegrino requested to merge ops_accounts into site_admin
1 unresolved thread
1 file
+ 14
13
Compare changes
  • Side-by-side
  • Inline
@@ -91,26 +91,27 @@ The procedure to map a IAM group into a OpenStack local project is described in
Service accounts
^^^^^^^^^^^^^^^^
It is mandatory to enable the ``ops`` IAM user group, which must be mapped to a
local Openstack project. This is used to test the proper functionality of the
site, by instantiating new virtual machines, by creating volumes, etc. Such
temporary resources are deleted once the test is completed.
It is mandatory to enable the ``ops`` IAM user, which must be mapped to a local
OpenStack project. This is used to test the proper functionality of the site,
by instantiating new virtual machines, by creating volumes, etc. Such temporary
resources are deleted once the test is completed.
It is not necessary to assign floating IPs to the local project mapped to the
``ops`` IAM user group.
``ops`` IAM user.
Please also note that each IAM user group includes a special user called
``monitoring`` which is used for other monitoring purposes.
In particular it is needed:
The ``ops`` IAM user does also perform monitoring and accounting measurements.
* for the Cloud Information Provider;
* by the INFN Cloud security scan central service, which is used to detect
possible vulnerabilities in the services deployed on INFN Cloud resources.
In particular it is needed by:
* the Cloud Information Provider (CIP);
* the INFN-Cloud security-scan central service, which is used to detect
possible vulnerabilities in the services deployed on INFN-Cloud resources.
This user simply retrieves the list of images and flavors available in all
federated projects (for the cloud information provider) and the list of
instances (for the security scan service). No special actions are needed by
the site to enable such functionality.
instances (for the security scan service). No special actions are needed by the
site to enable such functionality.
The ``ops`` user **must not** have admin privileges on any OpenStack project.
Configuring projects for services on public networks
----------------------------------------------------
Loading