Your code review is correct. There are some ideas on how to make things more secure that I expect to be tackled relatively soon, but for now it's all HTTP.
In single-site deployments, the internal Swift network (i.e. proxy to storage and storage to storage) should be on a private network. And site-to-site connectivity for a multi-site deployment should be over a VPN or similar.

--John

On 30 Mar 2016, at 18:50, Mark Kirkwood wrote:

> Hi,
>
> I'm looking at configuring a multi region cluster, and am thinking about
> what type of encryption is needed for inter region traffic, and where
> this needs to be done (e.g. VPN or swift encrypting its own communication).
>
> My quick scan of the code seems[1] to point to internal communication
> being http only - but I'm asking in case I've missed something!
>
> regards
>
> Mark
>
> [1]
> Examining files in swift/obj,proxy,common it looks like proxy-to-storage
> (and storage-to-storage) communication is always unencrypted (i.e.
> common/bufferedhttp:http_connect is called without ssl set).
>
> Also looking at swift/obj/ssync_sender.py it seems to me that
> replication is not encrypted either.
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
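
An added example, not part of the thread and not Swift's own code: because proxy-to-storage and replication traffic is plain HTTP, this check flags any device address that is not on a private network or, in a multi-region cluster, not inside a subnet routed over the VPN. The device list (using only the region, ip and replication_ip fields of ring device entries), the addresses and the VPN subnets are constructed assumptions.

```python
import ipaddress

# IPv4 private ranges (RFC 1918). Listed explicitly because
# ipaddress.is_private also accepts documentation and other special ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: entries carry the region / ip / replication_ip fields
# of Swift ring devices; the addresses are illustrative only.
DEVICES = [
    {"id": 0, "region": 1, "ip": "10.1.0.11", "replication_ip": "10.1.1.11"},
    {"id": 1, "region": 2, "ip": "10.2.0.11", "replication_ip": "10.2.1.11"},
    {"id": 2, "region": 2, "ip": "192.168.5.11", "replication_ip": "192.168.5.11"},
    {"id": 3, "region": 2, "ip": "203.0.113.7", "replication_ip": "10.2.1.13"},
]
# Assumption: the subnets the operator routes through the site-to-site VPN.
VPN_SUBNETS = ["10.1.0.0/16", "10.2.0.0/16"]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def audit(devices, vpn_subnets):
    """Return (device id, field, problem) for each address that would carry
    Swift's plain-HTTP internal traffic outside a protected network."""
    vpn = [ipaddress.ip_network(n) for n in vpn_subnets]
    multi_region = len({d["region"] for d in devices}) > 1
    findings = []
    for dev in devices:
        for field in ("ip", "replication_ip"):
            addr = ipaddress.ip_address(dev[field])
            if not _in_any(addr, RFC1918):
                findings.append((dev["id"], field, "not-private"))
            elif multi_region and not _in_any(addr, vpn):
                # Private, but cross-site traffic would bypass the VPN.
                findings.append((dev["id"], field, "outside-vpn"))
    return findings


if __name__ == "__main__":
    for dev_id, field, problem in audit(DEVICES, VPN_SUBNETS):
        print(f"device {dev_id}: {field} is {problem}")
```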