Trove/trove-managed-instances
Description
The purpose of this feature is to provide improved control over Compute Instances that are managed by Trove. Currently, any Trove Instance that a user creates, has two ID and two access points: one through Trove; and the other through Nova. The point of Trove being to manage datastores in a way that provides a stable and optimized platform. The option for the user to also configure the Compute Instance directly through Nova compromises this integrity. The intention here then is to "lock" Compute Instances that were created through the Trove interface. While this is currently an issue for Trove, other Services that sit on top of Nova can also benefit from this. *Note* There is a project that is forming called "Service VMs". In the future this may replace this functionality.
Trove Management
The focus of this feature is that a system-based Tenant will own a lock on all Trove Guest Instances.
Overview of Trove Instances on Management Network
Interaction of Trove-Nova
Justification/Benefits
Benefits of Trove-Locked Instances
Once Trove locks the Instances in Nova, Customers/Users can no longer go directly to Nova to perform functions on the Trove Instances. This prevents issues where a Customer may create an Instance Snapshot and then restore that Snapshot on an unmanaged Instance gaining access to potentially sensitive data. The primary benefit of this feature is that all access and control goes through Trove API. The Trove API leverages the Trove Admin credentials to Unlock/Lock the Instance during "critical" functions.
Use Case Requirements
Before Installing Trove-Integration/Devstack
- Operator has enabled Trove-Managed Instances
During Installation
- Trove-Integration/DevStack creates a Trove Admin Tenant and User.
During Instance Creation
- Trove uses a special Nova Client that uses the credentials and network of the Trove-Managed Tenant
- After Instance Creation, Trove also attaches the Instance to the Customer-specified Network
Other Use Cases
Security Groups
Security Groups are currently not a lockable resource in Nova. The result is that the user can still manipulate the Security Groups associated to the the Instance.
Scope
The scope of this is primarily limited to Trove API and Task Manager but there is need for support from Trove-Integration in that it must prepare the Tenant and Network so that Trove can handle the first request without additional setup.
Impacts
From a user’s perspective this feature changes some of the expectations and behavior. Most of this is a result of the introduction of Neutron. Neutron allows for highly customized network topologies. This customizations allows users to create networks that better match network architecture standards in a modern world.
Configuration
This feature will only be available if Neutron is enabled and if the Trove Managed feature is configured. The necessary configurations for Trove API and Taskmanager
| configuration name | value | description |
|---|---|---|
| trove.managed.instances | boolean | determines whether all instances are owned by Trove (default: false) |
Database
There are no expected changes to the database
Public API
As mentioned earlier the user will not be able to access Nova directly and gain access to the underlying Nova Instance. Trove API Instance Create will take an additional parameter which specifies the Network ID. This however is being handled in another Blueprint. {insert link to Neutron Blueprint}
Internal API
This should not affect any interactions between Trove API and Task Manager, Conductor, Guest
Guest Agent
This change is not backwards compatible with Guest Agents or a deployment for that matter. Changing out the Networking implementation is not trivial. This feature is for greenfield deployments only.
Trove-Integration
The script for Trove Integration will have to change in such a way that it provides the following infrastructure…
Creates a Trove Tenant and User that is going to Manage the Guest Instances Add configurations to the conf files so that the Tenant, User and Password are available to Trove API and Task Manager Create a Guest Instance Private Network and attach RabbitMQ to that Interface Add Private Network ID to the Configuration file
