Subject: Re: [Trove] State of the Trove service tenant deployment model

Zhang Fan zh.f at outlook.com
Wed Jan 23 06:12:19 UTC 2019 

Hey all,

Glad to see someone actually having trove in production and giving feedback to the community, thanks for doing that BTW.

IIRC, back in 2017, we had a remote discussion during PTG, and we were planning to adopt octavia solution, @huntxu drafted a specs https://review.openstack.org/#/c/553679/, but as far as I know, he will not continue this work in the future.

Best Wishes.

Fan Zhang

On Jan 23, 2019, at 09:04, Zane Bitter <zbitter at redhat.com<mailto:zbitter at redhat.com>> wrote:

On 23/01/19 9:09 AM, Darek Król wrote:
On Tue, Jan 22, 2019 at 07:29:25PM +1300, Zane Bitter wrote:
Last time I heard (which was probably mid-2017), the Trove team had
implemented encryption for messages on the RabbitMQ bus. IIUC each DB being
managed had its own encryption keys, so that would theoretically prevent
both snooping and spoofing of messages. That's the good news.

The bad news is that AFAIK it's still using a shared RabbitMQ bus, so
attacks like denial of service are still possible if you can extract the
shared credentials from the VM. Not sure about replay attacks; I haven't
actually investigated the implementation.

cheers,
Zane.
Excellent - many thanks for the confirmation.

Cheers,
Michael
Hello Michael and Zane,
sorry for the late reply.
I believe Zane is referring to a video from 2017 [0].
Yes, messages from trove instances are encrypted and the keys are kept
in Trove DB. It is still a shared message bus, but it can be a message
bus dedicated for Trove only and separated from message bus shared by
other Openstack services.
DDOS attacks are also mentioned in the video as a potential threat but
there is very little details and possible solutions.

Yes, in fact that was me asking the question in that video :)

Recently we had
some internal discussion about this threat within Trove team. Maybe we
could user Rabbitmq mechanisms for flow control mentioned in [1,2,3] ?
Another point, I'm wondering if this is a problem only in Trove or is
it something other services would be interesting in also ?
Best,
Darek
[0] https://youtu.be/dzvcKlt3Lx8
[1] https://www.rabbitmq.com/flow-control.html
[2] http://www.rabbitmq.com/blog/2012/04/17/rabbitmq-performance-measurements-part-1/
[3] https://tech.labs.oliverwyman.com/blog/2013/08/31/controlling-fast-producers-in-a-rabbit-as-a-service/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190123/578f6e5e/attachment.html>

More information about the openstack-discuss mailing list