[Openstack] [metering] high-level design proposal

Nick Barcet nick.barcet at canonical.com
Thu May 24 04:36:05 UTC 2012 

On 05/22/2012 07:15 PM, Doug Hellmann wrote:
> 
> 
> On Tue, May 22, 2012 at 1:25 PM, Nick Barcet <nick.barcet at canonical.com
> <mailto:nick.barcet at canonical.com>> wrote:
> 
>     On 05/22/2012 03:26 PM, Doug Hellmann wrote:
>     >     -> In addition to a signature, I think we would need a
>     sequence number
>     >     to be embedded by the agent for each message sent, so that loss of
>     >     messages, or forgery of messages, can be detected by the
>     collector and
>     >     further audit process.
>     >
>     >
>     > OK. We have a message id, but I assumed those would be used to
>     eliminate
>     > duplicates so this sounds like something different or new. It implies
>     > that the agent knows its own id (not hard) and keeps up with a
>     sequence
>     > counter (more difficult, though not impossible). Did you have
>     something
>     > in mind for how to implement that?
> 
>     Actually, this was my intent in the original blueprint when I specified
>     the "message_id" field then a couple lines bellow: "a process may verify
>     that messages were not lost".  On the implementation side, I was
>     thinking that each agent would maintain its own sequence count, as a
>     global instance count would be pricier.  In my mind, non repudiation was
>     built from the message_signature + message_id which should be unique for
>     each agent.
> 
> 
> OK. That brings a couple of more specific questions to mind:
> 
> Does the agent save its sequence counter through a restart? How and
> where? What about an upgrade?

Seems easily stored locally.

> What would the down-stream consumer of the data do if it discovered
> there was a missing event? Who should do that detection work?

Not sure we need to worry about auditing process yet, just make sure
that we provide necessary the necessary information to do proper
auditing.  In principle, an audit process could then trigger an alert
for further investigation of the issue.

Nick

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120524/6a0fd30f/attachment.sig>

More information about the Openstack mailing list