On Thu, Mar 6, 2014 at 10:25 AM, Dmitry Mescheryakov < dmescherya...@mirantis.com> wrote:
> Hello folks,
>
> A number of OpenStack and related projects have a need to perform
> operations inside VMs running on OpenStack. A natural solution would
> be an agent running inside the VM and performing tasks.
>
> One of the key questions here is how to communicate with the agent. An
> idea which was discussed some time ago is to use oslo.messaging for
> that. That is an RPC framework - what is needed. You can use different
> transports (RabbitMQ, Qpid, ZeroMQ) depending on your preference or
> connectivity your OpenStack networking can provide. At the same time
> there is a number of things to consider, like networking, security,
> packaging, etc.
>
> So, messaging people, what is your opinion on that idea? I've already
> raised that question in the list [1], but seems like not everybody who
> has something to say participated. So I am resending with the
> different topic. For example, yesterday we started discussing security
> of the solution in the openstack-oslo channel. Doug Hellmann at the
> start raised two questions: is it possible to separate different
> tenants or applications with credentials and ACL so that they use
> different queues? My opinion is that it is possible using RabbitMQ/Qpid
> management interface: for each application we can automatically create
> a new user with permission to access only her queues. Another question
> raised by Doug is how to mitigate a DOS attack coming from one tenant
> so that it does not affect another tenant. The thing is though
> different applications will use different queues, they are going to
> use a single broker.
>
> Do you share Doug's concerns or maybe you have your own?
>

I would also like to understand why you don't consider Marconi the right solution for this. It is supposed to be a message system that's safe to use from within tenant images.

Doug

>
> Thanks,
>
> Dmitry
>
> [1] http://lists.openstack.org/pipermail/openstack-dev/2013-December/021476.html
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
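The per-application credential idea quoted above, sketched as an added example (not code from the thread or from oslo.messaging): it builds the RabbitMQ management HTTP API requests for one agent user whose permissions cover only resources under its own prefix, then checks the isolation offline. The `agent.<app_id>.` naming scheme, the `agent-<app_id>` user name, the id format and all helper names are assumptions.

```python
import re
import secrets
from urllib.parse import quote

# Assumed id format; anything that could act as a regex metacharacter is rejected.
APP_ID = re.compile(r"[a-z0-9-]{1,64}")


def agent_permissions(app_id):
    """Permission regexes limiting a broker user to its own queues and exchanges."""
    if not APP_ID.fullmatch(app_id):
        raise ValueError(f"unsafe application id: {app_id!r}")
    # Anchored on both ends and ending in a dot, so app1 cannot match app10.
    own = "^" + re.escape(f"agent.{app_id}.") + ".*$"
    return {"configure": own, "write": own, "read": own}


def provisioning_requests(app_id, vhost="/"):
    """(method, path, JSON body) tuples for the RabbitMQ management HTTP API."""
    perms = agent_permissions(app_id)
    user = f"agent-{app_id}"
    return [
        # Random per-application password, no management tags.
        ("PUT", f"/api/users/{user}",
         {"password": secrets.token_urlsafe(24), "tags": ""}),
        # The vhost is a path segment, so "/" must be sent as %2F.
        ("PUT", f"/api/permissions/{quote(vhost, safe='')}/{user}", perms),
    ]


def allowed(perms, operation, resource):
    """Evaluate a permission offline. re.search is unanchored on purpose:
    the isolation has to come from the ^...$ in the pattern itself."""
    return re.search(perms[operation], resource) is not None


if __name__ == "__main__":
    # Constructed application ids and queue names.
    perms = agent_permissions("app1")
    for name in ("agent.app1.tasks", "agent.app10.tasks", "agent.app2.tasks"):
        print(name, allowed(perms, "read", name))
    for method, path, body in provisioning_requests("app1"):
        print(method, path, sorted(body))
```

This covers only the first of the two questions quoted above; queue isolation does nothing about one tenant exhausting a broker that the tenants share.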