
Trove guest-agent unable to talk to RabbitMQ

asked 2016-10-19 12:51:22 -0500

nikheg

I set up OpenStack (Mitaka) using OpenStack Ansible scripts (and my own playbooks for Trove), and Neutron for networking. Each service is in a separate Linux container. The controller and compute nodes are separate physical systems. There is an external network for Trove instances to use (so users can get to the databases) and a management network for the containers (in the controller nodes) and the compute nodes to talk to each other. However, Trove needs the guest-agent in a Nova instance to be able to talk to RabbitMQ, which is in a container. This would mean giving a Nova instance access to the management network, which seems like a security issue and not really addressed in the Trove/Neutron pubs as far as I can tell. Has anyone tried this and maybe found a way to make it work?


1 answer


answered 2016-10-20 11:06:33 -0500

amrith

Thanks for the question. This is a topic that is addressed in the Trove documentation (installation and configuration). Please refer to that, and yes, this is something that several have addressed and got to work.



Thanks Amrith. I did read the documentation. I was asking about the security aspect. The doc suggests adding a guest private network (using default_neutron_networks option), and I need to provide a net-id there. What's to prevent anyone else from joining this network? Or did I misunderstand the doc?

nikheg (2016-10-20 16:54:00 -0500)

Neutron security; just knowing a network ID doesn't mean that you can join it. You also need the credentials to connect to that. You need to ensure that your guest instance (a service VM) is secure and many methods exist to ensure this.

amrith (2016-10-30 04:24:04 -0500)
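
An added example, not part of the thread and not Trove or Neutron code: under Neutron's default policy a tenant can create ports only on networks it owns or that are shared with it, so the sketch below checks the network named in `default_neutron_networks` for ownership, the `shared` flag and RBAC sharing entries. It assumes the option sits in the `[DEFAULT]` section; the record shapes, IDs and the `service-tenant-id` name are constructed placeholders.

```python
import configparser

# Constructed sample: a Trove config fragment and a Neutron network record
# shaped like `neutron net-show -f json` output. All IDs are placeholders.
TROVE_CONF = """
[DEFAULT]
default_neutron_networks = 11111111-aaaa-4bbb-8ccc-000000000001
"""

NETWORKS = {
    "11111111-aaaa-4bbb-8ccc-000000000001": {
        "name": "trove-guest-mgmt",
        "tenant_id": "service-tenant-id",
        "shared": False,
    },
}

# Constructed RBAC entries (object_id, action, target_tenant); empty here.
RBAC_POLICIES = []


def guest_networks(conf_text):
    """Return the network IDs listed in default_neutron_networks."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    raw = cp.get("DEFAULT", "default_neutron_networks", fallback="")
    return [n.strip() for n in raw.split(",") if n.strip()]


def audit(conf_text, networks, rbac, service_tenant):
    """List reasons a tenant other than service_tenant could attach a port."""
    findings = []
    for net_id in guest_networks(conf_text):
        net = networks.get(net_id)
        if net is None:
            findings.append((net_id, "network not found"))
            continue
        if net["tenant_id"] != service_tenant:
            findings.append((net_id, "owned by another tenant"))
        if net["shared"]:
            findings.append((net_id, "shared=True: any tenant can create ports"))
        for p in rbac:
            if p["object_id"] == net_id and p["action"] == "access_as_shared":
                findings.append((net_id, "RBAC shares with " + p["target_tenant"]))
    return findings
```

An empty result from `audit(TROVE_CONF, NETWORKS, RBAC_POLICIES, "service-tenant-id")` means none of the three exposure conditions applies to the configured guest network.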



Asked: 2016-10-19 12:50:15 -0500

Seen: 282 times

Last updated: Oct 20 '16