[openstack-dev] Unified Guest Agent proposal
joe.gordon0 at gmail.com
Tue Dec 10 19:40:16 UTC 2013
On Dec 10, 2013 7:00 PM, "Clint Byrum" <clint at fewbar.com> wrote:
> Excerpts from Dmitry Mescheryakov's message of 2013-12-10 08:15:15 -0800:
> > Guys,
> > I see two major trends in the thread:
> > * use Salt
> > * write our own solution with architecture similar to Salt or
> > There were points raised pro and contra both solutions. But I have a
> > concern which I believe was not covered yet. Both solutions use either
> > ZeroMQ or message queues (AMQP/STOMP) as a transport. The thing is
> > going to be a shared facility between all the tenants. And unlike all
> > OpenStack services, this facility will be directly accessible from VMs,
> > which leaves tenants very vulnerable to each other. Harm the facility
> > your VM, and the whole Region/Cell/Availability Zone will be left out of
> > service.
> > Do you think that is solvable, or maybe I overestimate the threat?
> I think Salt would be thrilled if we tested and improved its resiliency
> to abuse. We're going to have to do that with whatever we expose to VMs.
+1 to not reinventing the wheel, and using a friendly ecosystem tool that
we can improve as needed.
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev