On 03/21/2016 09:43 PM, Adam Young wrote:
> I had a good discussion with the Nova folks in IRC today.
> My goal was to understand what could talk to what, and the short of it,
> according to dansmith:
> " any node in nova land has to be able to talk to the queue for any
> other one for the most part: compute->compute, compute->conductor,
> conductor->compute, api->everything. There might be a few exceptions,
> but not worth it, IMHO, in the current architecture."
> Longer conversation is here:
> http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2016-03-21.log.html#t2016-03-21T17:54:27
> Right now, the message queue is a nightmare. All sorts of sensitive
> information flows over the message queue: Tokens (including admin) are
> the most obvious. Every piece of audit data. All notifications and all
> control messages.
It is indeed a nightmare, but not because of any security issues.
Solve security issues by isolating the management plane over which the
messages are sent. Do this using standard industry practice of firewall
rules.
Do NOT do this by adding ever more complexity to the setup and
configuration of the message queue itself.
-jay
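As an added illustration of the firewall approach Jay describes (not from the original thread or from any OpenStack project), an nftables ruleset for the broker host that admits AMQP connections only from the management subnet. It assumes RabbitMQ on the standard AMQP ports 5672 and 5671 (TLS) and a constructed management CIDR of 10.10.0.0/24.

```nftables
#!/usr/sbin/nft -f
# Added example: confine the message broker to the management plane.
# Assumptions (not from the thread): broker listens on 5672/5671, the
# management network is 10.10.0.0/24 (constructed), loopback is trusted.
flush ruleset

define mgmt_net = 10.10.0.0/24
define amqp_ports = { 5672, 5671 }

table inet mgmt_plane {
    chain input {
        type filter hook input priority 0; policy drop;

        # Keep established sessions and loopback working.
        ct state established,related accept
        iif lo accept
        ct state invalid drop

        # Nova api, conductor and compute nodes all need the queue,
        # so admit every host on the management subnet and nothing else.
        ip saddr $mgmt_net tcp dport $amqp_ports accept

        # Anything reaching the broker ports from elsewhere (tenant or
        # public networks) is logged, then dropped; the log prefix is the
        # detection hook for a misrouted or hostile client.
        tcp dport $amqp_ports log prefix "amqp-denied: " drop

        # Operator access to the broker host itself, management net only.
        ip saddr $mgmt_net tcp dport 22 accept
    }
}
```

Pair this with binding the broker's listener to the management address so the ports are never exposed on other interfaces in the first place; the firewall then acts as the second layer rather than the only one.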
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev