[ovs-dev] ovn: Improving southbound database security
Russell Bryant
russell at ovn.org
Fri Oct 21 20:10:58 UTC 2016
On Thu, Oct 20, 2016 at 5:52 PM, Han Zhou <zhouhan at gmail.com> wrote:
>
> On Thu, Oct 20, 2016 at 11:51 AM, Russell Bryant <russell at ovn.org> wrote:
> >
> > On Thu, Oct 20, 2016 at 1:47 PM, Ben Pfaff <blp at ovn.org> wrote:
> >
> > > On Thu, Oct 13, 2016 at 07:32:53PM +0530, Numan Siddique wrote:
> > >
> > > > 5) Remove support from ovn-controller updating the 'Chassis.hv_cfg'
> > > > column and handle the side effect in "--wait=hv" in ovn-nbctl.
> > >
> > > The ability to wait for hypervisors to catch up is pretty valuable.
> I'm
> > > not super happy about losing it.
> > >
> >
> > I'm not either.
> >
> > The only compromise I could come up with was retain it, but document that
> > it won't work if you run the SB DB in a read-only mode. That's how we'd
> > recommend it to be done in production, so the feature would become a
> > test-only feature, but then the tests wouldn't be helping ensure we only
> > read from the sb db otherwise.
> >
> > --
>
> Apart from security, I think there is one more benefit of making SB
> readonly, at least for short term. It can help deploying in a large scale
> environment by sharing SB connections. Assume one SB server can support 1k
> HV connections, we can achieve 10k HVs by 10 slave SB servers, each
> replicating all changes of SB from a master node. For this to work, we need
> to make SB readonly to avoid the consensus problem, which I assume will be
> solved by Raft support or etcd, but not very soon.
>
That's a really great point. I hadn't considered this positive side effect.
--
Russell Bryant
More information about the dev
mailing list