[openstack-dev] [quantum] RPC communication agent to quantum server

Gary Kotton gkotton at redhat.com
Mon Feb 4 12:06:43 UTC 2013 

On 02/03/2013 07:43 PM, Ravi Chunduru wrote:
> Gary,
>   Thanks for the pointers on L3 agent.
> Will there be a keystone authentication for l2 agents in Grizzly?

No, for the agents using the RPC communication there is no keystone 
authentication. This is another channel  of communication. It is similar 
to that in nova. Each of the modules is able to send one another messages.

>
> Thanks,
> -Ravi
>
>
> On Sun, Feb 3, 2013 at 7:19 AM, Gary Kotton <gkotton at redhat.com 
> <mailto:gkotton at redhat.com>> wrote:
>
>     On 02/02/2013 07:52 PM, Ravi Chunduru wrote:
>>     L3 agent uses Qclient to communicate with Quantum server while
>>     Plugin agents used RPC.
>>     I understand there is a BP for L3 agent to use RPC in coming days.
>
>     Hi Ravi,
>     In Grizzly the L3 agent makes use of the RPC to interface with the
>     Quantum plugin. In Folsom the L3 agent makes use of the Quantum
>     client API to retrieve the l3 data.
>     Yes, there is keystone authentication. Can you please look at:
>     https://github.com/openstack/quantum/blob/stable/folsom/quantum/agent/l3_agent.py#L120
>     This is via the parameters in the INI file:
>     https://github.com/openstack/quantum/blob/stable/folsom/etc/l3_agent.ini#L13
>
>
>
>>
>>     I was going through OVS agent code, found that it does not
>>     authenticate with keystone, which I feel is a  security concern.
>>
>
>     The code that you are referring to is most probably for the l2
>     agent interface.
>
>>     self.rpc_context = context.RequestContext('quantum', 'quantum',
>>                                                       is_admin=False)
>>
>>     auth token is not sent while creating context.
>>
>>     Any considerations to do that way?
>>
>>     Thanks,
>>
>>     -- 
>>     Ravi
>>
>>
>>     _______________________________________________
>>     OpenStack-dev mailing list
>>     OpenStack-dev at lists.openstack.org  <mailto:OpenStack-dev at lists.openstack.org>
>>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
>
> -- 
> Ravi

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130204/53c1c86c/attachment.html>

More information about the OpenStack-dev mailing list