openstack team mailing list archive

Thread
Date

Re: [metering] high-level design proposal

To: Doug Hellmann <doug.hellmann@xxxxxxxxxxxxx>
From: Nick Barcet <nick.barcet@xxxxxxxxxxxxx>
Date: Thu, 24 May 2012 06:36:05 +0200
Cc: openstack@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CADb+p3TuP47rtuij4_hD2PZxBTnCJrkXCJcgCi4Jvk1Y6SA11A@mail.gmail.com>
Openpgp: id=5FECBD92
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1

On 05/22/2012 07:15 PM, Doug Hellmann wrote:
> 
> 
> On Tue, May 22, 2012 at 1:25 PM, Nick Barcet <nick.barcet@xxxxxxxxxxxxx
> <mailto:nick.barcet@xxxxxxxxxxxxx>> wrote:
> 
>     On 05/22/2012 03:26 PM, Doug Hellmann wrote:
>     >     -> In addition to a signature, I think we would need a
>     sequence number
>     >     to be embedded by the agent for each message sent, so that loss of
>     >     messages, or forgery of messages, can be detected by the
>     collector and
>     >     further audit process.
>     >
>     >
>     > OK. We have a message id, but I assumed those would be used to
>     eliminate
>     > duplicates so this sounds like something different or new. It implies
>     > that the agent knows its own id (not hard) and keeps up with a
>     sequence
>     > counter (more difficult, though not impossible). Did you have
>     something
>     > in mind for how to implement that?
> 
>     Actually, this was my intent in the original blueprint when I specified
>     the "message_id" field then a couple lines bellow: "a process may verify
>     that messages were not lost".  On the implementation side, I was
>     thinking that each agent would maintain its own sequence count, as a
>     global instance count would be pricier.  In my mind, non repudiation was
>     built from the message_signature + message_id which should be unique for
>     each agent.
> 
> 
> OK. That brings a couple of more specific questions to mind:
> 
> Does the agent save its sequence counter through a restart? How and
> where? What about an upgrade?

Seems easily stored locally.

> What would the down-stream consumer of the data do if it discovered
> there was a missing event? Who should do that detection work?

Not sure we need to worry about auditing process yet, just make sure
that we provide necessary the necessary information to do proper
auditing.  In principle, an audit process could then trigger an alert
for further investigation of the issue.

Nick

Attachment: signature.asc
Description: OpenPGP digital signature

Follow ups

Re: [metering] high-level design proposal
From: Doug Hellmann, 2012-05-24

References

[metering] high-level design proposal
From: Doug Hellmann, 2012-05-21
Re: [metering] high-level design proposal
From: Nick Barcet, 2012-05-22
Re: [metering] high-level design proposal
From: Doug Hellmann, 2012-05-22
Re: [metering] high-level design proposal
From: Nick Barcet, 2012-05-22
Re: [metering] high-level design proposal
From: Doug Hellmann, 2012-05-22