Hi Benoit: The rabbitmq server that the trove components use to communicate with each other doesn't (and in fact _shouldn't_) necessarily be the same rabbitmq server that the core openstack services are using for communcation.
In most real-world deployments of OpenStack Trove that I am aware of, a separate in-cloud rabbitmq cluster is set up for Trove to use. The Trove control plane (api / taskmanager / conductor) is also deployed as a workload in the cloud and guest VMs also run as workloads in the same cloud. Consequently, all communication happens between vms -- all part of the same cloud. There isn't a necessity for the guest agent to be able to communicate with the infrastructure rabbitmq server running on bare-metal, so there really isn't a security concern here. Hope this helps to clarify the situation, Thanks, Nikhil
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
