>> Shouldn't we be trying to remove central bottlenecks by >> decentralizing communications where we can? > > I think that's a good goal to continue having. Some deployers have > setup firewalls between compute nodes, or between compute nodes and > the database, so we use the conductor to facilitate communications > between those nodes. But in general we don't want to send all > communications through the conductor.
Yep, I think we generally look forward to having all the resize and migrate communication coordinated through conductor, but not really for security reasons specifically. However, I don't think that pumping everything through conductor for, say, api->compute communication is something we should do. As several of us said in IRC yesterday, I'd really like nodes to be able to authenticate the sender of a message and not do things based on who sent it and whether that makes sense or not. Adding a bunch of broker-specific configuration requirements to achieve a security goal (and thus assuming the queue is never compromised) is not really where I want to see us go. --Dan __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
