Open Stack

On Monday, July 16, 2012 at 16:59 PM, Sean Dague wrote:

> Is there any update on work towards the no-db-compute blueprint? Even if 
> there isn't work done on it yet, has there been thinking on basic 
> strategy to get there?
> 
> I'd really like to see this one land for folsom, so would be happy to 
> apply some effort here.
> 


I believe drafter Russell Bryant has made some progress on this, but I'll wait for his response.

I've personally introduced a related patch, which is still in (perpetual) draft status as a PoC, to access the database over RPC. This would remove the direct access from compute nodes to the database, although they could still write to the database.  If we can complete the trusted-rpc-messaging blueprint, this could become a secure solution. I don't expect that trusted messaging + granular access control will arrive any sooner than Grizzly, however. With luck, it might appear as a patch for Folsom. Needless to say, that might not be the fastest path to a no-db-compute feature, but it would be a "free" consequence of changes we're making to otherwise secure the system.

I'll happily provide access to the draft patch for those in Gerrit, to those that are interested.

-- 
Eric Windisch