[openstack-dev] Cells design issue
Robert Collins
robertc at robertcollins.net
Fri Jun 14 09:13:10 UTC 2013
On 14 June 2013 15:03, Chris Behrens <cbehrens at codestud.com> wrote:
>
>> You have a rabbit bus for cross-cell communications, and an endpoint
>> on that bus for each cell. Cells need to know about other endpoints
>
> Not so, although that's interesting. There's 1 rabbit bus per cell, not a global rabbit bus. A parent cell talks to its immediate children by putting a message onto the child cell's bus. So, this means that each cell needs to have rabbit credentials for its immediate parents or children.
Ah! So there is a manual hierarchy, interesting. That implies limited
numbers of machines impacted by credentials, as it's not a full mesh -
so I can see why reusing the rabbit bus within each cell was
attractive. Not sure I would have done it that way, but that's
orthogonal :).
So yeah, I'm in favour of treating it like the existing rabbit creds
for nova etc, and putting it in their config file.
> The question that Kevin is asking is… do we fix this all in the DB and do some sort of encryption on the credentials. Or do we do a JSON config file for cells? And if we do the latter, how do we handle the migration?
Credentials in a DB is a really really really hard thing to get right.
Anyone that compromises any machine that can use the credentials gets
them all... better to do it really simply, with local per-machine
data, at least until someone has several weeks to noodle through all
the implications of doing it in a shared DB.
Thanks for answering my questions, I know more about cells now :)
Also, hopefully they were helpful in analysing the issue.
-Rob
--
Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Cloud Services
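As an added illustration of the blast-radius argument in the message above (example code written for this page, not part of the thread or of Nova's cells code): a constructed cell hierarchy, comparing which rabbit buses a single compromised cell can reach when each cell keeps credentials only for its immediate parent and children in its own config file, versus when every cell can read all credentials from a shared DB. The cell names and the tree shape are made up.

```python
"""Model the credential exposure of one compromised cell under two schemes."""

# Constructed hierarchy (not a real deployment): parent cell -> child cells.
# Each cell has its own rabbit bus; a parent holds credentials for its
# children's buses and a child holds credentials for its parent's bus.
HIERARCHY = {
    "top": ["region-a", "region-b"],
    "region-a": ["az-a1", "az-a2"],
    "region-b": ["az-b1"],
}


def all_cells(hierarchy):
    """Every cell named anywhere in the tree, parents and leaves alike."""
    cells = set(hierarchy)
    for children in hierarchy.values():
        cells.update(children)
    return cells


def local_config_exposure(hierarchy, compromised):
    """Credentials stored per cell in its own config file.

    A compromised cell only holds credentials for the buses of its
    immediate parent and immediate children, so that is all it exposes.
    """
    exposed = set()
    for parent, children in hierarchy.items():
        if parent == compromised:
            exposed.update(children)
        if compromised in children:
            exposed.add(parent)
    return exposed


def shared_db_exposure(hierarchy, compromised):
    """Credentials held in a DB every cell can read.

    Any cell able to use the credentials can fetch all of them, so one
    compromised cell exposes the bus of every other cell in the tree.
    """
    return all_cells(hierarchy) - {compromised}


def exposure_report(hierarchy):
    """Per cell: (buses exposed with local config, buses exposed with shared DB)."""
    return {
        cell: (len(local_config_exposure(hierarchy, cell)),
               len(shared_db_exposure(hierarchy, cell)))
        for cell in sorted(all_cells(hierarchy))
    }
```

Running `exposure_report(HIERARCHY)` shows a leaf such as az-b1 reaching one bus under local config but five under the shared DB, which is the "gets them all" point in the reply.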