{"id":292,"date":"2013-02-07T22:32:04","date_gmt":"2013-02-07T22:32:04","guid":{"rendered":"http:\/\/www.danplanet.com\/blog\/?p=292"},"modified":"2014-09-09T17:31:37","modified_gmt":"2014-09-09T17:31:37","slug":"all-your-db-are-belong-to-conductor","status":"publish","type":"post","link":"https:\/\/www.danplanet.com\/blog\/2013\/02\/07\/all-your-db-are-belong-to-conductor\/","title":{"rendered":"All your DB are belong to conductor"},"content":{"rendered":"<p>Well, it&#8217;s done. Hopefully.<\/p>\n<p>Over the last year, <a href=\"http:\/\/www.openstack.org\/software\/openstack-compute\/\">Nova<\/a> has had a <a href=\"https:\/\/blueprints.launchpad.net\/nova\/+spec\/no-db-compute\">goal of removing direct database access<\/a>\u00a0from nova-compute. This has a lot of advantages, especially around security and rolling upgrade abilities, but also brings some complexity and change. Much of this is made possible by utilizing the new <a href=\"http:\/\/russellbryantnet.wordpress.com\/2012\/11\/19\/a-new-nova-service-nova-conductor\/\">nova-conductor service<\/a> to proxy requests to the database over RPC on behalf of components that are not allowed to talk to the database directly. I authored many of the <a href=\"https:\/\/review.openstack.org\/#\/q\/status:merged+project:openstack\/nova+branch:master+topic:bp\/no-db-compute,n,z\">changes<\/a>\u00a0to either use conductor to access the database, or refactor things to not require it at all. I also had the distinct honor of committing the <a href=\"https:\/\/review.openstack.org\/#\/c\/21336\/\">final patch<\/a>\u00a0to functionally disable the database module within the compute service. 
This will help ensure that folks doing testing between Grizzly-3 and the release will hit a reasonable (and reportable) error message, even if their compute nodes still have access to the database.<\/p>\n<p>Security-wise, nova-compute nodes are the most likely targets for any sort of attack, since they run the untrusted customer workloads. Escaping from a VM or compromising one of the services that runs there previously meant full access to the database, and thus the cluster. Removing the ability (and need) to connect directly to the database makes it significantly easier for an administrator to limit the exposure caused by a compromised compute node. In the future, the gain realized from things like <a href=\"https:\/\/blueprints.launchpad.net\/nova\/+spec\/trusted-messaging\">trusted RPC messaging<\/a>\u00a0will be even greater, as access to information about individual instances from a given host can be limited by conductor on a need-to-know basis.<\/p>\n<p>From an upgrade point of view, decoupling nova-compute from the database also decouples it from the schema. That means that rolling upgrades can be supported through RPC API versioning without worrying about old code accessing new database schemas directly. No additional modeling is added between the database and the compute nodes, but having the RPC layer there offers a much better way to provide a stable N and N+1 interface.<\/p>\n<p>Of course, neither of the above points implies that your cluster is now secure, or that you can safely do a rolling upgrade from Folsom to Grizzly or Grizzly to Havana. This no-db-compute milestone is one (major) step along the path to enabling both, but there&#8217;s still plenty of work to do. Since nova is large and complex, there is also no guarantee that all the direct database accesses have been removed. 
Since we recently started gating on full <a href=\"https:\/\/launchpad.net\/tempest\">tempest<\/a>\u00a0runs, the fact that the disabling patch passed all the tests is a really good sign. However, it is entirely likely that a few more things needing attention will shake out of the testing that folks will do between Grizzly-3 and the release.<\/p>\n<p>Let the bug reporting commence!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Well, it&#8217;s done. Hopefully. Over the last year, Nova has had a goal of removing direct database access\u00a0from nova-compute. This has a lot of advantages, especially around security and rolling upgrade abilities, but also brings some complexity and change. Much &hellip; <a href=\"https:\/\/www.danplanet.com\/blog\/2013\/02\/07\/all-your-db-are-belong-to-conductor\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,6,97],"tags":[94,96,93,92,95],"class_list":["post-292","post","type-post","status-publish","format-standard","hentry","category-codemonkeying","category-linux","category-openstack","tag-conductor","tag-db","tag-nova","tag-openstack_","tag-rpc"],"yoast_head_json":{"title":"All your DB are belong to conductor - Right Angles","canonical":"https:\/\/www.danplanet.com\/blog\/2013\/02\/07\/all-your-db-are-belong-to-conductor\/","og_site_name":"Right Angles","article_published_time":"2013-02-07T22:32:04+00:00","article_modified_time":"2014-09-09T17:31:37+00:00","author":"Dan"}}