[openstack-dev] [nova][keystone] Message Queue Security

Eric Windisch eric at cloudscaling.com
Thu Apr 25 18:42:10 UTC 2013

> On 25/04/2013 17:27, Simo Sorce wrote:
> > On Thu, 2013-04-25 at 17:19 +0100, David Chadwick wrote:
> > > What happens in a very fast system if two sub-processes create a message
> > > at the same time and therefore contain the same timestamp?
> >  
> >  
> >  
> > Well, right now we use eventlet so no concurrency is really allowed.
> > If we move to a truly concurrent system (something I actually hope we
> > do) then we'll have to serialize how we get the timestamp. We'll
> > basically need a single source of time that will just increment by one
> > hundredth of a second or so if a second request comes in within the same
> > hundredth of a second. Basically keep a high watermark in shared memory
> > and use atomic updates to never get a dup.
> >  

We do have true concurrency. It might not be used everywhere, but we have it.  

You could run multiple copies of nova-scheduler on the same host. They could both generate the same timestamp + source, assuming that source was 'service_name + hostname'.  The only workaround for that would be to make the source include the PID as well… until/unless we get in-process concurrency, at least. Does the remote system really need to know the PID? That could be a security thread. Perhaps we should hash it… wait, this is getting complicated...

Why block everything synchronously on a single source of time or counter when we can simply use a nonce?

Eric Windisch

More information about the OpenStack-dev mailing list