Document requirement to use separate RabbitMQ
For production environments, the RabbitMQ server used by Trove should be different from the one used by the rest of the OpenStack infrastructure, due to security concerns. Change-Id: Ibbe4ae1185c8c0e18e14687d6fb558ceabd15ec1 Closes-bug: #1453194
This commit is contained in:
parent
19731ad8f1
commit
c9ff84d3e4
|
@ -37,6 +37,13 @@ trove is a combination of Puppet manifest and ruby code to delivery configuratio
|
|||
Limitations
|
||||
-----------
|
||||
|
||||
Security
|
||||
--------
|
||||
|
||||
For security reasons, a separate in-cloud RabbitMQ cluster should be set up for Trove to use. The reason for this is that the guest agent needs to communicate with RabbitMQ, so it is not advisable to give instances access to the same RabbitMQ server that the core OpenStack services are using for communication.
|
||||
|
||||
Please note that puppet-trove cannot check if this rule is being followed, so it is the deployer's responsibility to do it.
|
||||
|
||||
Beaker-Rspec
|
||||
------------
|
||||
|
||||
|
|
|
@ -23,10 +23,16 @@
|
|||
#
|
||||
# [*rabbit_host*]
|
||||
# (optional) Location of rabbitmq installation.
|
||||
# Note that, for security reasons, this rabbitmq host should not be the
|
||||
# same that the core openstack services are using for communication. See
|
||||
# http://lists.openstack.org/pipermail/openstack-dev/2015-April/061759.html
|
||||
# Defaults to 'localhost'
|
||||
#
|
||||
# [*rabbit_hosts*]
|
||||
# (optional) List of clustered rabbit servers.
|
||||
# Note that, for security reasons, these rabbitmq hosts should not be the
|
||||
# same that the core openstack services are using for communication. See
|
||||
# http://lists.openstack.org/pipermail/openstack-dev/2015-April/061759.html
|
||||
# Defaults to false
|
||||
#
|
||||
# [*rabbit_port*]
|
||||
|
|
Loading…
Reference in New Issue