Hello, I use Trove on my test environment and some things look very insecurely for me. The base trove schema requires access to the MQ service from guest instances, that means the network allocated to guest instances (let's call it the trove network) should has access to the management network (where the MQ servers placed), but in order to allocate a network port on the trove network a client need to have access to this network. The question is — what does prevent (or can prevent) users to create an instance (not a trove guest, but just a common compute instance) in the same trove network and get access to the management network (at least to the MQ service). It’s not a problem for trove guests, because clients don’t have SSH access to trove guests. Seems, nothing does and any clients can just allocate instances on the trove network and get access to the MQ service (next, ddos is a possible security violation at least) I found the config option trove_managed_net_id in the Trove wiki, but there are no mentions how to use it and I can not find any terminations of those options in the trove code (newton release)
Thanks. -- Best Regards, Evgeniy Ivanov _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
