Compartmentalize RabbitMQ

date:2015-07-14
tags:rabbitmq

The purpose of this spec is to adjust our current RabbitMQ setup to better use the available system resources by creating a vhost and user per-consumer service within RabbitMQ.

Include the URL of your launchpad blueprint:

Problem description

Presently all services use the single root virtual host within RabbitMQ and while this is “OK” for small to mid sized deployments however it would be better to divide services into logical resource groups within RabbitMQ which will bring with it additional security.

Proposed change

All services that utilize RabbitMQ should have their own virtual host, user, and password.

Overview:
  • Each role would use the upstream Ansible RabbitMQ user module to create a new user. The username will be customizable with a default being the same as the name of the service.
  • Each role will use the upstream Ansible RabbitMQ vhost module to create a new virtual host per service. The vhost will be customizable with a default being the same as the name of the service.
  • A Password entry will be created within the user_secrets.yml file for each RabbitMQ service user.
  • The oslo config section of each service will be updated to use the new vhost name, username, and password.

Alternatives

Leave RabbitMQ the way it is.

Playbook impact

The playbooks will have no impact. The changes being proposed are being done within roles. Ideally this would be a simple default addition, two new tasks, and a simple change within the oslo_messaging section in the service configuration files.

Upgrade impact

There will be an upgrade impact as the user will need to add the new secret entries to the user_secrets.yml file. If this was to be accepted as a backport to kilo this would have to be targeted to a major version.

Security impact

Serpentining the services into different vhosts with different users and passwords should improve security. And brings our project more inline with what is described in the OpenStack Messaging Security documentation.

Performance impact

The separation of service into logical vhosts has been not been reported to have any noticeable performance impact.

End user impact

n/a

Deployer impact

The deployer will need to ensure they have passwords entries set within the user_secrets.yml file. This should not impact greenfield deployments however it will need to be something covered in an upgrade.

Developer impact

n/a

Dependencies

n/a

Implementation

Assignee(s)

Primary assignee:
https://launchpad.net/~kevin-carter cloudnull

Work items

  • Add new RabbitMQ users for all services.
  • Add new RabbitMQ vhosts for all services.
  • Update all service configuration files to use the new vhost, user, and password.

Testing

The testing of this change is a convergence test. The gate job will utilize the the changes on every commit.

Documentation impact

Docs will need to be updated in terms of upgrades to add the new variables.

References

n/a