Open Stack

Thanks Bruno!

I will check that book.

Cheers.

El sáb., 4 feb. 2017 a las 16:40, Bruno L (<teolupus.ext at gmail.com>)
escribió:

> Sergio,
>
> I spoke with the Trove team at the summit. They recommend the use of a
> service tenant and to harden up your DB instances (for example with
> AppArmour), as a way to mitigate this risk.
>
> You are right to say that there is little to no documentation and how to
> set it up this way. You will find some info about it on a book written by
> Amrith Kumar.
>
> At Catalyst we have plans to improve the upstream docs when the time to
> implement Trove comes. The current docs may be suitable for a private cloud
> scenario (where you may trust your internal customers), but are not
> suitable for public clouds.
>
> If you are doing this now, you may consider submitting a few patches to
> the docs! ;-)
>
> Cheers
> Bruno
>
> On Sat, 4 Feb 2017, 5:52 AM Sergio Morales Acuña <semoac at gmail.com> wrote:
>
> Hi.
>
> I'm looking for information about the "Trove Shadow Tenant" feature.
>
> There some blogs talking about this but I can't find any information about
> the configuration.
>
> I have a working implementation of Trove but the instance is created in
> the same project as the user requesting the database. This is a problem for
> me because the user can create a snapshot of the instance and capture the
> RabbitMQ password.
>
> I tried  a non-admin credentials for nova_proxy_*, but the instance is
> still been created in the user project. I'm using the branch stable/newton.
>
> Cheers.
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20170205/ea0fb051/attachment.html>