
Trove guest-agent unable to talk to RabbitMQ

asked 2016-10-19 12:51:22 -0500

nikheg

I set up OpenStack (Mitaka) using OpenStack Ansible scripts (and my own playbooks for Trove), and Neutron for networking. Each service is in a separate Linux container. The controller and compute nodes are separate physical systems. There is an external network for Trove instances to use (so users can get to the databases) and a management network for the containers (in the controller nodes) and the compute nodes to talk to each other. However, Trove needs the guest-agent in a Nova instance to be able to talk to RabbitMQ, which is in a container. This would mean giving a Nova instance access to the management network, which seems like a security issue and not really addressed in the Trove/Neutron pubs as far as I can tell. Has anyone tried this and maybe found a way to make it work?


1 answer


answered 2016-10-20 11:06:33 -0500

amrith

Thanks for the question. This is a topic that is addressed in the Trove documentation (installation and configuration). Please refer to that, and yes, this is something that several have addressed and gotten to work.


Comments

Thanks Amrith. I did read the documentation. I was asking about the security aspect. The doc suggests adding a guest private network (using default_neutron_networks option), and I need to provide a net-id there. What's to prevent anyone else from joining this network? Or did I misunderstand the doc?

nikheg ( 2016-10-20 16:54:00 -0500 )

Neutron security; just knowing a network ID doesn't mean that you can join it. You also need the credentials to connect to that. You need to ensure that your guest instance (a service VM) is secure, and many methods exist to ensure this.

amrith ( 2016-10-30 04:24:04 -0500 )
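
Added example, not part of the thread or of the Trove documentation: a check over Neutron API objects for the network listed in default_neutron_networks, reporting the settings that would let another tenant attach to it. It relies on Neutron's default policy, under which a non-shared network accepts ports only from its owning tenant or an admin; the function name and all IDs are constructed placeholders.

```python
# Added example: audit the network named in Trove's default_neutron_networks.
# Field names follow the Neutron API (networks and RBAC policies); all IDs
# below are constructed placeholders, not values from the thread.
TROVE_TENANT = "TROVE-SERVICE-TENANT-ID"
GUEST_NET = "GUEST-NET-ID"

def audit_guest_network(network, rbac_policies, owner_tenant):
    """Return findings that would let a tenant other than owner_tenant attach."""
    findings = []
    if network.get("shared"):
        findings.append("SHARED: every tenant can create ports on this network")
    if network.get("tenant_id") != owner_tenant:
        findings.append("OWNER: network belongs to tenant %s" % network.get("tenant_id"))
    for policy in rbac_policies:
        # Only access_as_shared grants on this network let a tenant attach ports.
        if (policy.get("object_type") != "network"
                or policy.get("object_id") != network.get("id")
                or policy.get("action") != "access_as_shared"):
            continue
        target = policy.get("target_tenant")
        if target == "*":
            findings.append("RBAC: wildcard grant, same effect as shared")
        elif target != owner_tenant:
            findings.append("RBAC: tenant %s may attach" % target)
    return findings

# Constructed sample: a guest network opened to one other tenant by an RBAC grant.
SAMPLE_NETWORK = {"id": GUEST_NET, "tenant_id": TROVE_TENANT, "shared": False}
SAMPLE_RBAC = [
    {"object_type": "network", "object_id": GUEST_NET,
     "action": "access_as_shared", "target_tenant": "OTHER-TENANT-ID"},
    {"object_type": "network", "object_id": "UNRELATED-NET-ID",
     "action": "access_as_shared", "target_tenant": "*"},
    {"object_type": "network", "object_id": GUEST_NET,
     "action": "access_as_external", "target_tenant": "*"},
]

if __name__ == "__main__":
    for finding in audit_guest_network(SAMPLE_NETWORK, SAMPLE_RBAC, TROVE_TENANT):
        print(finding)
```

An empty result means only the owning tenant and admins can place instances on the network; it says nothing about the RabbitMQ credentials the guest agent holds, which still need their own protection.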


Stats

Asked: 2016-10-19 12:50:15 -0500

Seen: 208 times

Last updated: Oct 20 '16