Friday, 2021-08-27

opendevreview	Bo Tran proposed openstack/trove master: Support port was created from user's network should visible with user https://review.opendev.org/c/openstack/trove/+/806295	02:24
opendevreview	Merged openstack/trove master: Allow regular user to get quotas https://review.opendev.org/c/openstack/trove/+/805941	04:14
Ammad	Hello	10:38
Ammad	I have tested trove and database mysql mariadb works fine	10:39
Ammad	My question is related to architecture.	10:39
Ammad	Can I use separate rabbitMQ for communication between trove instances and trove task-manager	10:40
Ammad	?	10:40
Ammad	because I dnt want to open my infra rabbitmq cluster publically for customers database instances	10:41
Ammad	?	10:41
lxkong	Ammad: yes, you can deploy a rabbitmq cluster dedicated for communication between trove guest agent and trove controller. But, to be honest, re-using the infra rabbitmq for such communication doens't sound that risky as you thought. The database is running in a restricted environment (docker container), you can config networking or container permission as strict as you can.	10:45
lxkong	we are running that in our public cloud and the security penetration testing (conducted by a 3rd party security consultant company) has passed.	10:46
lxkong	However, as you said, using a dedicated rabbitmq could give you more confidence to run the service.	10:48
Ammad	Basically we are also public cloud provider in Pakistan. I was thinking about the security of infrastructure and my infosec department could raise a concern on it.	10:50
Ammad	Since you guys have conducted security testing it gives me a confidence.	10:51
Ammad	https://docs.openstack.org/trove/latest/admin/run_trove_in_production.html	10:52
Ammad	I was reviewing above document and I can use separate management network and security group for database instance management network	10:53
Ammad	management_networks and management_security_groups	10:53

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!