| *** jamesmcarthur has quit IRC | 00:39 | |
| *** jamesmcarthur has joined #openstack-trove | 01:15 | |
| *** jamesmcarthur has quit IRC | 02:28 | |
| *** jamesmcarthur has joined #openstack-trove | 02:33 | |
| *** jamesmcarthur has quit IRC | 02:52 | |
| *** jamesmcarthur has joined #openstack-trove | 03:11 | |
| *** jamesmcarthur has quit IRC | 03:16 | |
| *** jamesmcarthur has joined #openstack-trove | 03:43 | |
| *** kei_yama has quit IRC | 03:49 | |
| *** kei_yama has joined #openstack-trove | 04:02 | |
| *** tianhui has joined #openstack-trove | 04:47 | |
| *** tianhui_ has quit IRC | 04:49 | |
| *** jamesmcarthur has quit IRC | 05:04 | |
| *** Bhujay has joined #openstack-trove | 05:38 | |
| *** rcernin has quit IRC | 07:29 | |
| *** tosky has joined #openstack-trove | 07:36 | |
| openstackgerrit | Elod Illes proposed openstack/trove stable/queens: Use neutronclient for floatingip operations https://review.openstack.org/580584 | 09:04 |
|---|---|---|
| *** jamesmcarthur has joined #openstack-trove | 09:16 | |
| *** jamesmcarthur has quit IRC | 09:20 | |
| Bhujay | hello everybody , need some help in understanding for the trove networking communication so that it can be implemented with adequate security for my organization | 09:44 |
| Bhujay | can you refer some doc on this | 09:45 |
| Bhujay | specifically i am looking for trove services and guest VM communication | 09:46 |
| Bhujay | Does the VM requires connection back to control plane or only one way communication from control plane to VM is enough ? | 09:47 |
| fanzhang | Bhujay hi, I find this doc https://wiki.openstack.org/wiki/Trove/guest_agent_communication may be helpful. | 09:48 |
| Bhujay | fanzhang: many thanks , let me check | 09:49 |
| fanzhang | Generally, trove services use AMQP to communicate with guestagent in vm. | 09:49 |
| fanzhang | Bhujay np :) | 09:49 |
| fanzhang | We began this bp https://review.openstack.org/#/c/553679/, tried to start changing the communication method to a way much more security, but unfortunately, many of us have shifted the focus on other projects or so. You're welcome to leave any messages here in this channel. That would be big help to project Trove. | 09:53 |
| fanzhang | Bhujay ^ | 09:53 |
| Bhujay | fanzhang: i m still on your first link , this is very helpful let me spend sometime here to see how i can overcome the challange in my environment ... | 09:55 |
| Bhujay | we have separated our control plane and the vm/neutron/storage plane with a firewall with a view that even in case of a VM breakout ... | 09:57 |
| Bhujay | control plane is secured .. so goal is to prevent any communication from VM back to control plane .. but for Dbass it seems we need one connection back to rabbit on the control plane | 09:58 |
| fanzhang | Bhujay yes, guest agent inside vm has to keep a heart beat with control plane | 09:59 |
| fanzhang | Bhujay take your time, and welcome to give trove a trial :) | 09:59 |
| Bhujay | fanzhang: thanks , u see unless such services are rolled out users are not excited just at the IaaS layer :) , its very important for my org | 10:01 |
| fanzhang | Bhujay good to hear that :) | 10:02 |
| Bhujay | fanzhang: to be more precise , only vm to rabbit connection shd be enough ? ( leaving aside calls to openstack service API which i can route through public endpoints ) | 10:03 |
| fanzhang | Bhujay sorry I don't follow your question | 10:10 |
| fanzhang | for internal service, I guess rabbitmq connection is enought, but from user perspective, they have to access db, so hope you have no other security restrictions | 10:14 |
| Bhujay | fanzhang: sorry for not being clear enough , yes understood what you say | 10:15 |
| fanzhang | Bhujay I have to go now, leaving messages here or by mailing list is both OK. :) | 10:15 |
| Bhujay | fanzhang: sure , thanks a lot for your responses , I will try to implement it and posts my experience/views here , in case that helps | 10:18 |
| fanzhang | Bhujay big thanks :) | 10:19 |
| Bhujay | u r welcome | 10:19 |
| *** kei_yama has quit IRC | 13:26 | |
| *** jamesmcarthur has joined #openstack-trove | 14:28 | |
| *** Bhujay has quit IRC | 14:33 | |
| *** openstackgerrit has quit IRC | 15:19 | |
| *** tianhui_ has joined #openstack-trove | 15:44 | |
| *** tianhui has quit IRC | 15:46 | |
| *** tianhui has joined #openstack-trove | 16:52 | |
| *** tianhui_ has quit IRC | 16:53 | |
| *** v12aml has quit IRC | 17:26 | |
| *** v12aml has joined #openstack-trove | 17:27 | |
| *** itlinux has joined #openstack-trove | 17:28 | |
| *** jamesmcarthur has quit IRC | 17:44 | |
| *** itlinux has quit IRC | 17:56 | |
| *** itlinux has joined #openstack-trove | 17:57 | |
| *** itlinux has quit IRC | 17:57 | |
| *** cargonza_ has joined #openstack-trove | 18:41 | |
| *** cargonza_ has quit IRC | 19:39 | |
| *** cargonza_ has joined #openstack-trove | 19:39 | |
| *** openstackgerrit has joined #openstack-trove | 20:55 | |
| openstackgerrit | Krzysztof Opasiak proposed openstack/trove-tempest-plugin master: Create base class for client to avoid code duplication https://review.openstack.org/580763 | 20:55 |
| *** rcernin has joined #openstack-trove | 23:36 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!