[openstack-dev] [Nova][Trove] Managed Instances Feature

Hopper, Justin justin.hopper at hp.com
Sat Apr 5 00:12:12 UTC 2014


Greetings,

I am trying to address an issue from certain perspectives and I think some
support from Nova may be needed.

Problem
Services like Trove run in Nova Compute Instances.  These Services try
to provide an integrated and stable platform for which the "service" can run
in a predictable manner.  Such elements include configuration of the
service, networking, installed packages, etc.  In today's world, when Trove
spins up an Instance to deploy a database on, it creates that Instance with
the User's Credentials.  Thus, to Nova, the User has full access to that
Instance through Nova's API.  This access can be used in ways which
unintentionally compromise the service.

Solution
A proposal is being formed that would put such Instances in a read-only or
invisible mode from the perspective of Nova.  That is, the Instance can only
be managed from the Service from which it was created.  At this point, we do
not need any granular controls.  A simple lock-down of the Nova API for
these Instances would suffice.  However, Trove would still need to interact
with this Instance via Nova API.

The basic requirements for Nova would be...

- A way to identify a request originating from a Service vs coming directly from
  an end-user
- A way to identify which instances are being managed by a Service
- A way to prevent some or all access to the Instance unless the Service ID in
  the request matches that attached to the Instance

Any feedback on this would be appreciated.

Thanks, 

Justin Hopper
Software Engineer - DBaaS
irc: juice | gpg: EA238CF3 | twt: @justinhopper
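One way the three requirements in the mail above could be modelled as a single authorization check, as an added example that is not part of this mail or of Nova's code; the Instance and RequestContext types, the "trove" service id and the "read-only" / "invisible" modes are illustrative assumptions:

```python
# Added example (not from the thread): a minimal authorization check modelling
# the three requirements in the mail. Instance, RequestContext and "trove"
# as a service id are assumptions for illustration, not Nova code.
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Instance:
    instance_id: str
    owner: str                        # user that created the instance
    managed_by: Optional[str] = None  # service id attached at creation, if any

@dataclass(frozen=True)
class RequestContext:
    user: str
    # Identity of the calling service. Must come from an authenticated
    # service credential, never from a caller-supplied header.
    service_id: Optional[str] = None

# Actions an end user keeps on a managed instance in "read-only" mode.
READ_ONLY_ACTIONS = {"show", "list"}

def authorize(ctx: RequestContext, instance: Instance, action: str,
              mode: str = "read-only") -> bool:
    """Decide whether ctx may perform action on instance.

    mode is "read-only" (the user may still see the instance) or
    "invisible" (the instance does not exist from the user's view).
    """
    if instance.managed_by is None:
        return ctx.user == instance.owner        # ordinary ownership check
    if ctx.service_id == instance.managed_by:
        return True                              # managing service: full access
    if mode == "invisible":
        return False
    return ctx.user == instance.owner and action in READ_ONLY_ACTIONS

def visible_instances(ctx: RequestContext, instances: List[Instance],
                      mode: str = "read-only") -> List[str]:
    """Filter a listing so hidden managed instances are not disclosed."""
    return [i.instance_id for i in instances if authorize(ctx, i, "list", mode)]

# Constructed sample data.
INSTANCES = [
    Instance("vm-1", owner="alice"),
    Instance("vm-2", owner="alice", managed_by="trove"),
]
ALICE = RequestContext(user="alice")
TROVE = RequestContext(user="alice", service_id="trove")
```

The key point is that the service identity is a property of the authenticated caller, so a user who created the instance cannot regain write access by claiming to be the service.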

