7c89d7e213
This is about the most of documentation I could come up with at this moment. I tried to follow other telemetry component documentation, to have similar structure. Change-Id: Ic1e7fffad33f56f15122ec57cea565b7829c4693
1.1 KiB
System Architecture
Aetos is a reverse-proxy, which should be used together with Prometheus. It implements a subset of Prometheus API to support observabilityclient's and Watcher's access to Prometheus. Using Aetos provides OpenStack authentication and multi-tenancy support to Prometheus.
- On most endpoints Aetos recognizes 2 types of access:
-
- privileged
- nonprivileged
Privileged access is by default automatically allowed for admin and service users and it allows sending requests without any restrictions. Privileged users can retrieve any metric from any project at any time. These users can also retrieve metrics coming from other sources than ceilometer, which typically lack openstack project labels.
Nonprivileged access is allowed for users with the reader or member role. These users cat retrieve metrics from their current project only. Aetos will automatically modify each request to prevent access to metrics from other projects.
Privileged and unprivileged access can be configured for each endpoint separately by modifying policies.