[Openstack-docs] Intro and example installations

Steve Gordon sgordon at redhat.com
Fri Jul 26 18:42:29 UTC 2013


----- Original Message -----
> From: "Anne Gentle" <annegentle at justwriteclick.com>
> To: "Steve Gordon" <sgordon at redhat.com>
> Cc: "Shaun McCance" <shaunm at gnome.org>, openstack-docs at lists.openstack.org
> Sent: Friday, July 19, 2013 4:29:34 PM
> Subject: Re: [Openstack-docs] Intro and example installations
> 
> Another area where a decision has to be made in the opinionated installs is
> around nova-conductor, which receives requests over RPC. It was introduced
> in Grizzly to proxy database calls and API calls. It decouples nova-compute
> and the database, to enable rolling upgrades. However, the Security Guide
> calls it out as too insecure to run because it cannot verify who messages
> come from. So in the opinionated install you'd have to discuss when to use
> nova-conductor.
> 
> I'll keep bringing up decision points until you tell me to stop! :)
> 
> Anne

Well... in the current basic install I think we are transmitting all the RPC messages in plain text (unencrypted), although password authentication is applied; certainly there doesn't appear to be any SSL setup for QPID. So I think there is also the question: do we wish to complicate the most basic install with setting up message security properly, or leave securing the deployment to a choose-your-own-adventure component as well?

Thanks,

Steve


