[openstack-dev] [olso][neutron] proxying oslo.messaging from management network into tenant network/VMs

Wed, 09 Apr 2014 01:41:16 -0700 

Hello developers.


As discussed many times so far[1], there are many projects that needs
to propagate RPC messages into VMs running on OpenStack. Neutron in my case.

My idea is to relay RPC messages from management network into tenant
network over file-like object. By file-like object, I mean virtio-serial,
unix domain socket, unix pipe and so on.
I've wrote some code based on oslo.messaging[2][3] and a documentation
on use cases.[4][5]
Only file-like transport and proxying messages would be in oslo.messaging
and agent side code wouldn't be a part of oslo.messaging.


use cases:([5] for more figures)
file-like object: virtio-serial, unix domain socket, unix pipe

  server <-> AMQP <-> agent in host <-virtio serial-> guest agent in VM
                      per VM

  server <-> AMQP <-> agent in host <-unix socket/pipe->
             agent in tenant network <-> guest agent in VM


So far there are security concerns to forward oslo.messaging from management
network into tenant network. One approach is to allow only cast-RPC from
server to guest agent in VM so that guest agent in VM only receives messages
and can't send anything to servers. With unix pipe, it's write-only
for server, read-only for guest agent.


Thoughts? comments?


Details of Neutron NFV use case[6]:
Neutron services so far typically runs agents in host, the host agent
in host receives RPCs from neutron server, then it executes necessary
operations. Sometimes the agent in host issues RPC to neutron server
periodically.(e.g. status report etc)
It's desirable to make such services virtualized as Network Function
Virtualizaton(NFV), i.e. make those features run in VMs. So it's quite
natural approach to propagate those RPC message into agents into VMs.


[1] https://wiki.openstack.org/wiki/UnifiedGuestAgent
[2] https://review.openstack.org/#/c/77862/
[3] https://review.openstack.org/#/c/77863/
[4] https://blueprints.launchpad.net/oslo.messaging/+spec/message-proxy-server
[5] https://wiki.openstack.org/wiki/Oslo/blueprints/message-proxy-server
[6] https://blueprints.launchpad.net/neutron/+spec/adv-services-in-vms
-- 
Isaku Yamahata <isaku.yamah...@gmail.com>

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to