[openstack-dev] Unified Guest Agent proposal

Joe Gordon joe.gordon0 at gmail.com
Tue Dec 10 19:40:16 UTC 2013


On Dec 10, 2013 7:00 PM, "Clint Byrum" <clint at fewbar.com> wrote:
>
> Excerpts from Dmitry Mescheryakov's message of 2013-12-10 08:15:15 -0800:
> > Guys,
> >
> > I see two major trends in the thread:
> >
> >  * use Salt
> >  * write our own solution with architecture similar to Salt or MCollective
> >
> > There were points raised pro and contra both solutions. But I have a
> > concern which I believe was not covered yet. Both solutions use either
> > ZeroMQ or message queues (AMQP/STOMP) as a transport. The thing is there is
> > going to be a shared facility between all the tenants. And unlike all other
> > OpenStack services, this facility will be directly accessible from VMs,
> > which leaves tenants very vulnerable to each other. Harm the facility from
> > your VM, and the whole Region/Cell/Availability Zone will be left out of
> > service.
> >
> > Do you think that is solvable, or maybe I overestimate the threat?
> >
>
> I think Salt would be thrilled if we tested and improved its resiliency
> to abuse. We're going to have to do that with whatever we expose to VMs.

+1 to not reinventing the wheel, and using a friendly ecosystem tool that
we can improve as needed.
