Hello folks, A number of OpenStack and related projects have a need to perform operations inside VMs running on OpenStack. A natural solution would be an agent running inside the VM and performing tasks.
One of the key questions here is how to communicate with the agent. An idea which was discussed some time ago is to use oslo.messaging for that. That is an RPC framework - what is needed. You can use different transports (RabbitMQ, Qpid, ZeroMQ) depending on your preference or connectivity your OpenStack networking can provide. At the same time there is a number of things to consider, like networking, security, packaging, etc. So, messaging people, what is your opinion on that idea? I've already raised that question in the list [1], but seems like not everybody who has something to say participated. So I am resending with the different topic. For example, yesterday we started discussing security of the solution in the openstack-oslo channel. Doug Hellmann at the start raised two questions: is it possible to separate different tenants or applications with credentials and ACL so that they use different queues? My opinion that it is possible using RabbitMQ/Qpid management interface: for each application we can automatically create a new user with permission to access only her queues. Another question raised by Doug is how to mitigate a DOS attack coming from one tenant so that it does not affect another tenant. The thing is though different applications will use different queues, they are going to use a single broker. Do you share Doug's concerns or maybe you have your own? Thanks, Dmitry [1] http://lists.openstack.org/pipermail/openstack-dev/2013-December/021476.html _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
