OpenStack Compute (nova)

add application level lock for vm

Registered by jichenjc

Services like Trove use run in Nova Compute Instances. These Services try
to provide an integrated and stable platform for which the service can run
in a predictable manner. Such elements include configuration of the
service, networking, installed packages, etc. In today¹s world, when Trove
spins up an Instance to deploy a database on, it creates that Instance with
the Users Credentials. Thus, to Nova, the User has full access to that
Instance through Nova API. This access can be used in ways which
unintentionally compromise the service.

In Nova side, we need to provide a method to put such Instances in a read-only or
invisible mode from the perspective of Nova, that is, the Instance can only
be managed from the Service from which it was created.

http://lists.openstack.org/pipermail/openstack-dev/2014-April/031952.html
has detailed requirement and discussion result.

Blueprint information

Status:
Complete
Approver:
None
Priority:
Undefined
Drafter:
jichenjc
Direction:
Needs approval
Assignee:
jichenjc
Definition:
Obsolete
Series goal:
None
Implementation:
Unknown
Milestone target:
None
Completed by
jichenjc

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:add-app-lock,n,z

Addressed by: https://review.openstack.org/90678
    Add application level lock for services

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.