Add simple unit tests to the Trove specs repo which ensure that specifications submitted follow the template correctly and address all the needed sections. Update tox to run these unit tests automatically.
At the beginning of each release, test_titles.py will need to be updated and 'current_release' modified to reflect the new release directory. At the same time, the new release directory will be created, the index.rst file in doc/source amended to include this directory, and any unmerged specs moved there. In this way, changes to the template will only affect specs going forward and avoid having to modify any specs that have merged in previous releases. (It will also have the side effect of signalling the 'opening' of the release to new specs.)
Change-Id: I8f1175bceed63d36d96b6c6c6b4188ef27d3102e
Make Rsync for Guest Optional
Blueprint:
https://blueprints.launchpad.net/trove-integration/+spec/rsync-optional
Today, the instance rsyncs the guestagent code and trove-guestagent.conf via http://git.io/qI9ivw (or http://git.io/p88Njw).
The proposal is to introduce an alternative that does not require guest-to-controller SSH connectivity: bake the guestagent code and trove-guestagent.conf into the image.
Problem Description
In production, permitting SSH connectivity between guests and the control-plane is a security no-no. Although trove-integration is considered to be only a sample reference implementation, we owe it to deployers to provide insight into how to properly secure Trove.
Use Cases
- As a deployer, I want to avoid ssh connectivity between guests and the control-plane.
Proposed Change
Add elements to trove-integration that stage the guestagent code and trove-guestagent.conf during the extra-data.d hook and subsequently install them in the install.d hook, instead of relying on upstart/systemd to rsync them.
See https://review.openstack.org/#/c/119488/
This is not turned on by default, and therefore is backwards compatible.
Configuration
Using this functionality requires setting GUEST_LOCAL_TROVE_DIR and GUEST_LOCAL_TROVE_CONF. These values are used by the newly introduced diskimage-builder elements.
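The two-hook flow described above, as an added sketch that is not the code from the linked review. In diskimage-builder, extra-data.d hooks run on the build host and stage files under $TMP_HOOKS_PATH, which install.d hooks see inside the image as /tmp/in_target.d; here both sides are plain functions taking paths as arguments. The function names, the destination paths and the 0600 mode on the config file are assumptions.

```shell
set -eu

# extra-data.d side (build host): copy the locally supplied guestagent tree and
# config into the hook staging directory. In a real element the arguments would
# be $GUEST_LOCAL_TROVE_DIR, $GUEST_LOCAL_TROVE_CONF and $TMP_HOOKS_PATH.
stage_guestagent() {
    src_dir="$1"; src_conf="$2"; hooks_dir="$3"
    [ -d "$src_dir" ] || { echo "not a directory: $src_dir" >&2; return 1; }
    [ -f "$src_conf" ] || { echo "not a file: $src_conf" >&2; return 1; }
    mkdir -p "$hooks_dir/guestagent"
    cp -R "$src_dir/." "$hooks_dir/guestagent/"
    cp "$src_conf" "$hooks_dir/trove-guestagent.conf"
}

# install.d side (inside the image): move the staged files to their final
# location. hooks_dir would be /tmp/in_target.d; both destinations are
# assumptions, not paths taken from the spec.
install_guestagent() {
    hooks_dir="$1"; code_dest="$2"; conf_dest="$3"
    mkdir -p "$code_dest" "$(dirname "$conf_dest")"
    cp -R "$hooks_dir/guestagent/." "$code_dest/"
    # Assumption: the config is treated as sensitive, so it is written
    # owner-only in the same step instead of being chmod'ed afterwards.
    install -m 0600 "$hooks_dir/trove-guestagent.conf" "$conf_dest"
}

# Constructed sample input: builds a throwaway source tree, runs both steps
# against a temporary directory and prints that directory's path.
demo() {
    work="$(mktemp -d)"
    mkdir -p "$work/src/trove/guestagent"
    echo "# constructed sample file" > "$work/src/trove/guestagent/api.py"
    printf '[DEFAULT]\nsample_key = constructed-value\n' > "$work/src/guest.conf"
    stage_guestagent "$work/src/trove" "$work/src/guest.conf" "$work/hooks"
    install_guestagent "$work/hooks" "$work/image/opt/trove" \
        "$work/image/etc/trove/trove-guestagent.conf"
    echo "$work"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

With the files baked in at build time, the booted guest needs no rsync step and therefore no SSH path back to the controller.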
Database
No database changes.
Public API
No public API changes.
Public API Security
No public API Security related changes.
Internal API
No internal API changes.
Guest Agent
No Guest Agent changes.
Alternatives
No alternatives.
Implementation
Assignee(s)
- Primary assignee: Auston McReynolds (amcrn)
Milestones
Kilo-1
Work Items
See https://review.openstack.org/#/c/119488/
Dependencies
No dependencies.
Testing
diskimage-builder element additions/changes are not tested via traditional means at the moment.
Documentation Impact
No documentation impact.
References
None.