7c89d7e213
This is about the most of documentation I could come up with at this moment. I tried to follow other telemetry component documentation, to have similar structure. Change-Id: Ic1e7fffad33f56f15122ec57cea565b7829c4693
27 lines
1.1 KiB
ReStructuredText
27 lines
1.1 KiB
ReStructuredText
===================
|
|
System Architecture
|
|
===================
|
|
|
|
Aetos is a reverse-proxy, which should be used together with Prometheus.
|
|
It implements a subset of Prometheus API to support observabilityclient's and
|
|
Watcher's access to Prometheus. Using Aetos provides OpenStack authentication
|
|
and multi-tenancy support to Prometheus.
|
|
|
|
On most endpoints Aetos recognizes 2 types of access:
|
|
- privileged
|
|
- nonprivileged
|
|
|
|
Privileged access is by default automatically allowed for admin and service
|
|
users and it allows sending requests without any restrictions. Privileged
|
|
users can retrieve any metric from any project at any time. These users can
|
|
also retrieve metrics coming from other sources than ceilometer, which
|
|
typically lack openstack project labels.
|
|
|
|
Nonprivileged access is allowed for users with the reader or member role.
|
|
These users cat retrieve metrics from their current project only. Aetos
|
|
will automatically modify each request to prevent access to metrics from
|
|
other projects.
|
|
|
|
Privileged and unprivileged access can be configured for each endpoint
|
|
separately by modifying policies.
|