Thanks Bruno! I will check that book.
Cheers. El sáb., 4 feb. 2017 a las 16:40, Bruno L (<[email protected]>) escribió: > Sergio, > > I spoke with the Trove team at the summit. They recommend the use of a > service tenant and to harden up your DB instances (for example with > AppArmour), as a way to mitigate this risk. > > You are right to say that there is little to no documentation and how to > set it up this way. You will find some info about it on a book written by > Amrith Kumar. > > At Catalyst we have plans to improve the upstream docs when the time to > implement Trove comes. The current docs may be suitable for a private cloud > scenario (where you may trust your internal customers), but are not > suitable for public clouds. > > If you are doing this now, you may consider submitting a few patches to > the docs! ;-) > > Cheers > Bruno > > On Sat, 4 Feb 2017, 5:52 AM Sergio Morales Acuña <[email protected]> wrote: > > Hi. > > I'm looking for information about the "Trove Shadow Tenant" feature. > > There some blogs talking about this but I can't find any information about > the configuration. > > I have a working implementation of Trove but the instance is created in > the same project as the user requesting the database. This is a problem for > me because the user can create a snapshot of the instance and capture the > RabbitMQ password. > > I tried a non-admin credentials for nova_proxy_*, but the instance is > still been created in the user project. I'm using the branch stable/newton. > > Cheers. > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : [email protected] > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
