<div dir="ltr">Thanks you all for your answers.<div><br></div><div><div>I'm working with Trove on a Public Cloud and we have a separate RabbitMQ Cluster just for Trove.</div><div><br></div><div>I now understand that the use of a "shadow tenant" it's a very specific implementation of Trove.</div><div><br></div><div>Today, the only security concern we have is the rabbitmq password in the trove-gustagent.conf file. We are also testing the use of two ramdisks (tmpfs) for the /etc/trove/conf.d files and the "cloud-init" files inside the guest image to minimize the risk.</div></div><div><br></div><div>Cheer and once again thank you for your answers.</div><div><br><div class="gmail_quote"><div dir="ltr">El dom., 5 feb. 2017 a las 19:22, Mark Kirkwood (<<a href="mailto:mark.kirkwood@catalyst.net.nz">mark.kirkwood@catalyst.net.nz</a>>) escribió:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Sergio,<br class="gmail_msg">
<br class="gmail_msg">
With respect to the rabbit security - you can (and probably should) use<br class="gmail_msg">
a different rabbit server for the trove message queue i.e not your<br class="gmail_msg">
openstack rabbit. I *think* this is mentioned in the trove deployment<br class="gmail_msg">
docs these days (it didn't used to be), and it is easy to miss wherever<br class="gmail_msg">
it is mentioned! However this by itself is not enough really - as your<br class="gmail_msg">
trove rabbit can be dos'd/hacked to cause mayhem to all running trove<br class="gmail_msg">
instances.<br class="gmail_msg">
<br class="gmail_msg">
<br class="gmail_msg">
The shadow tenant seems like the plan. However you are absolutely<br class="gmail_msg">
correct - how to actually set it up is...err not that well documented.<br class="gmail_msg">
I've made a comment on one of the various blogs to that effect. I'm<br class="gmail_msg">
hoping it will spur one of the experts to show us in detail how it is<br class="gmail_msg">
done :-)<br class="gmail_msg">
<br class="gmail_msg">
<br class="gmail_msg">
regards<br class="gmail_msg">
<br class="gmail_msg">
<br class="gmail_msg">
Mark<br class="gmail_msg">
<br class="gmail_msg">
<br class="gmail_msg">
On 04/02/17 05:42, Sergio Morales Acuña wrote:<br class="gmail_msg">
> Hi.<br class="gmail_msg">
><br class="gmail_msg">
> I'm looking for information about the "Trove Shadow Tenant" feature.<br class="gmail_msg">
><br class="gmail_msg">
> There some blogs talking about this but I can't find any information<br class="gmail_msg">
> about the configuration.<br class="gmail_msg">
><br class="gmail_msg">
> I have a working implementation of Trove but the instance is created<br class="gmail_msg">
> in the same project as the user requesting the database. This is a<br class="gmail_msg">
> problem for me because the user can create a snapshot of the instance<br class="gmail_msg">
> and capture the RabbitMQ password.<br class="gmail_msg">
><br class="gmail_msg">
> I tried a non-admin credentials for nova_proxy_*, but the instance is<br class="gmail_msg">
> still been created in the user project. I'm using the branch<br class="gmail_msg">
> stable/newton.<br class="gmail_msg">
><br class="gmail_msg">
> Cheers.<br class="gmail_msg">
><br class="gmail_msg">
><br class="gmail_msg">
> _______________________________________________<br class="gmail_msg">
> Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br class="gmail_msg">
> Post to : <a href="mailto:openstack@lists.openstack.org" class="gmail_msg" target="_blank">openstack@lists.openstack.org</a><br class="gmail_msg">
> Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br class="gmail_msg">
<br class="gmail_msg">
</blockquote></div></div></div>