[Trove] State of the Trove service tenant deployment model
Hi all,
Is anyone aware of the current state of the "service tenant" deployment model for Trove, and whether it is a viable option; or whether the historical method of customer tenants/projects are still the recommended approach? Any and all comments/thoughts/gotchas would be most appreciated!
Cheers, Michael
Hi Michael,
Is anyone aware of the current state of the "service tenant" deployment model for Trove, and whether it is a viable option; or whether the historical method of customer tenants/projects are still the recommended approach?
Any and all comments/thoughts/gotchas would be most appreciated!
We've had it running in production on the Nectar cloud for the last 12 months. The work I did made it upstream, so you should be right to go from at least Queens.
You'll just need to set something like this in your Trove config:
nova_proxy_admin_user = trove
nova_proxy_admin_pass = <pass>
nova_proxy_admin_tenant_name = trove
remote_nova_client = trove.common.single_tenant_remote.nova_client_trove_admin
remote_cinder_client = trove.common.single_tenant_remote.cinder_client_trove_admin
remote_neutron_client = trove.common.single_tenant_remote.neutron_client_trove_admin
cheers, Andy
Hi Andy,
On Tue, 22 Jan 2019 09:43:17 +1100 Andy Botting <andy@andybotting.com> wrote:
<snip for clarity>
We've had it running in production on the Nectar cloud for the last 12 months. The work I did made it upstream, so you should be right to go from at least Queens.
You'll just need to set something like this in your Trove config:
nova_proxy_admin_user = trove
nova_proxy_admin_pass = <pass>
nova_proxy_admin_tenant_name = trove
remote_nova_client = trove.common.single_tenant_remote.nova_client_trove_admin
remote_cinder_client = trove.common.single_tenant_remote.cinder_client_trove_admin
remote_neutron_client = trove.common.single_tenant_remote.neutron_client_trove_admin
cheers, Andy
Superb -- great to hear!
Would it be fair to say that the old Rabbit message bus security issue (shared credentials that could be extracted from backups) is no longer an issue? (Apologies if this is long gone -- from an initial foray into the code it was hard to tell).
Cheers, Michael
Hi Michael,
Superb -- great to hear!
Would it be fair to say that the old Rabbit message bus security issue (shared credentials that could be extracted from backups) is no longer an issue? (Apologies if this is long gone -- from an initial foray into the code it was hard to tell).
Good question - I'm not entirely sure. I did remember sitting on a presentation a while back saying they were fixing it.
I haven't had a good look into the backups, so I'm not sure if the rabbit creds are actually in the backup file or not.
cheers
No problem -- shall dig much deeper, and post an update on this thread once more is known.
Cheers, Michael
On Tue, Jan 22, 2019 at 10:23:16AM +1100, Andy Botting wrote:
Hi Michael,
Superb -- great to hear!
Would it be fair to say that the old Rabbit message bus security issue (shared credentials that could be extracted from backups) is no longer an issue? (Apologies if this is long gone -- from an initial foray into the code it was hard to tell).
Good question - I'm not entirely sure. I did remember sitting on a presentation a while back saying they were fixing it.
I haven't had a good look into the backups, so I'm not sure if the rabbit creds are actually in the backup file or not.
cheers
Last time I heard (which was probably mid-2017), the Trove team had implemented encryption for messages on the RabbitMQ bus. IIUC each DB being managed had its own encryption keys, so that would theoretically prevent both snooping and spoofing of messages. That's the good news.
The bad news is that AFAIK it's still using a shared RabbitMQ bus, so attacks like denial of service are still possible if you can extract the shared credentials from the VM. Not sure about replay attacks; I haven't actually investigated the implementation.
cheers, Zane.
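To make the distinction Zane draws concrete (per-instance keys stop spoofing, but say nothing by themselves about replay or about flooding a shared bus), here is an added toy model, not Trove's code and not a description of what Trove actually implements. It uses a stdlib HMAC tag with a key per guest instance (the authentication half of what a per-instance encryption scheme gives you; no encryption is attempted here), plus a timestamp window and a seen-nonce cache so that a captured message cannot simply be resubmitted. The instance ids, key registry and message layout are all invented for the example.

```python
"""Per-instance message authentication with replay detection: an added
illustration of the properties discussed in the thread, not Trove code."""
import hashlib
import hmac
import json
import secrets
import time


class GuestKeyring:
    """Control-plane side: one independent key per managed instance (constructed)."""

    def __init__(self):
        self._keys = {}

    def register(self, instance_id):
        key = secrets.token_bytes(32)
        self._keys[instance_id] = key
        return key

    def key_for(self, instance_id):
        return self._keys.get(instance_id)


def build_message(instance_id, key, payload, now=None):
    """Guest side: serialise a payload with a fresh nonce and timestamp, then tag it."""
    body = json.dumps(
        {
            "instance_id": instance_id,
            "nonce": secrets.token_hex(16),
            "ts": now if now is not None else time.time(),
            "payload": payload,
        },
        sort_keys=True,
        separators=(",", ":"),
    )
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Verifier:
    """Control-plane side: check tag, freshness and nonce uniqueness, in that order."""

    def __init__(self, keyring, window=300):
        self.keyring = keyring
        self.window = window          # seconds a message stays acceptable
        self._seen = {}               # nonce -> message timestamp

    def verify(self, msg, now=None):
        now = now if now is not None else time.time()
        try:
            fields = json.loads(msg["body"])
        except (KeyError, TypeError, ValueError):
            return ("reject", "malformed")
        key = self.keyring.key_for(fields.get("instance_id"))
        if key is None:
            return ("reject", "unknown-instance")
        expected = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
        # A message tagged with any other instance's key fails here: that is the
        # spoofing protection per-instance keys buy you.
        if not hmac.compare_digest(expected, msg.get("tag", "")):
            return ("reject", "bad-tag")
        if abs(now - fields["ts"]) > self.window:
            return ("reject", "stale")
        # Forget nonces older than the window; anything inside it must be unique.
        self._seen = {n: t for n, t in self._seen.items() if now - t <= self.window}
        if fields["nonce"] in self._seen:
            return ("reject", "replay")
        self._seen[fields["nonce"]] = fields["ts"]
        return ("accept", fields["payload"])


def run_demo():
    """Exercise the verifier with constructed messages; returns the verdicts in order."""
    keyring = GuestKeyring()
    key_a = keyring.register("db-a")
    key_b = keyring.register("db-b")
    verifier = Verifier(keyring, window=300)
    t0 = 1_000_000.0
    verdicts = []

    good = build_message("db-a", key_a, {"op": "heartbeat"}, now=t0)
    verdicts.append(verifier.verify(good, now=t0 + 1)[0])      # accept
    verdicts.append(verifier.verify(good, now=t0 + 2)[1])      # replay: same nonce again

    wrong_key = build_message("db-a", key_b, {"op": "resize"}, now=t0)
    verdicts.append(verifier.verify(wrong_key, now=t0 + 1)[1])  # bad-tag: db-b's key on db-a's id

    tampered = {"body": good["body"].replace("heartbeat", "delete"), "tag": good["tag"]}
    verdicts.append(verifier.verify(tampered, now=t0 + 1)[1])   # bad-tag: body edited after tagging

    old = build_message("db-b", key_b, {"op": "heartbeat"}, now=t0 - 1000)
    verdicts.append(verifier.verify(old, now=t0)[1])            # stale: outside the window
    return verdicts


if __name__ == "__main__":
    print(run_demo())
```

The ordering of checks matters: the tag is verified before the timestamp and nonce are trusted, because both of those fields come from the message itself. Note what this model does not help with: every guest still connects to the same bus with the same broker credentials, so a verifier that rejects bad messages does nothing about a flood of them, which is exactly the residual denial-of-service concern raised above.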
On Tue, Jan 22, 2019 at 07:29:25PM +1300, Zane Bitter wrote:
Last time I heard (which was probably mid-2017), the Trove team had implemented encryption for messages on the RabbitMQ bus. IIUC each DB being managed had its own encryption keys, so that would theoretically prevent both snooping and spoofing of messages. That's the good news.
The bad news is that AFAIK it's still using a shared RabbitMQ bus, so attacks like denial of service are still possible if you can extract the shared credentials from the VM. Not sure about replay attacks; I haven't actually investigated the implementation.
cheers, Zane.
Excellent - many thanks for the confirmation. Cheers, Michael
participants (3): Andy Botting, Michael Richardson, Zane Bitter