<div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><br><br><br><br><br><div style="position:relative;zoom:1">--<br><div>Best</div><div> Li Tianqing</div><div style="clear:both"></div></div><div id="divNeteaseMailCard"></div><br><pre><br>At 2015-05-08 15:45:27, "Nikhil Manchanda" <nikhil@manchanda.me> wrote:
>
>Comments and answers inline.
>
>Li Tianqing writes:
>
>> [...]
>
>> 1) why we put the trove vm into user's tenant, not the trove's
>> tenant? User can login on that vm, and that vm must connect to
>> rabbitmq. It is quite insecure.
>> what's about put the tenant into trove tenant?
>
>While the default configuration of Trove in devstack puts Trove guest
>VMs into the users' respective tenants, it's possible to configure Trove
>to create VMs in a single "Trove" tenant. You would do this by
>overriding the default novaclient class in Trove's remote.py with one
>that creates all Trove VMs in a particular tenant whose user credentials
>you will need to supply. In fact, most production instances of Trove do
<div>>something like this.</div><div><br></div><div>I argue that why we do not do this in upstream. For that most production do this. And if you do this</div><div>you will find that there are many work need do. The community applies the laziest implementation.</div><div><br></div>>
>> 2) Why there is no trove mgmt cli, but mgmt api is in the code?
>> Does it disappear forever ?
>
>The reason for this is because the old legacy Trove client was rewritten
>to be in line with the rest of the openstack clients. The new client
>has bindings for the management API, but we didn't complete the work on
>writing the shell pieces for it. There is currently an effort to
>support Trove calls in the openstackclient, and we're looking to
>support the management client calls as part of this as well. If this is
>something that you're passionate about, we sure could use help landing
<div>>this in Liberty.</div><div><br></div><div>i do not see any bp about this.</div><div><br></div>>
>> 3) The trove-guest-agent is in vm. it is connected by taskmanager
>> by rabbitmq. We designed it. But is there some prectise to do this?
>> how to make the vm be connected in vm-network and management
>> network?
>
>Most deployments of Trove that I am familiar with set up a separate
>RabbitMQ server in cloud that is used by Trove. It is not recommended to
>use the same infrastructure RabbitMQ server for Trove for security
>reasons. Also most deployments of Trove set up a private (neutron)
>network that the RabbitMQ server and guests are connected to, and all
<div>>RPC messages are sent over this network.</div><div><br></div><div>But how the billing notifications of trove send to billing server? the billing server is definitely in management network.</div><div>The root of this problem is that you should make one service vm that can service user and can be connected in you management network.</div><div>This deployment can not be used in production. </div><div>This deployment is not proper, it just an lazy implementation too.</div><div><br></div>>
>Hope this helps,
>
>Thanks,
>Nikhil
>
>> [...]
>
>__________________________________________________________________________
>OpenStack Development Mailing List (not for usage questions)
>Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
</pre></div><br><br><span title="neteasefooter"><span id="netease_mail_footer"></span></span>