Joshua,<div>your question scares me :)</div><div><div><br></div><div>Actually you can define user/pass for rabbitmq:</div><div>See in rpc/impl_kombu.py, which is used by default:</div><div><font class="Apple-style-span" face="'courier new', monospace"> 308 self.params = dict(hostname=FLAGS.rabbit_host,</font></div>
<div><font class="Apple-style-span" face="'courier new', monospace"> 309 port=FLAGS.rabbit_port,</font></div><div><font class="Apple-style-span" face="'courier new', monospace"> 310 userid=FLAGS.rabbit_userid,</font></div>
<div><font class="Apple-style-span" face="'courier new', monospace"> 311 password=FLAGS.rabbit_password,</font></div><div><font class="Apple-style-span" face="'courier new', monospace"> 312 virtual_host=FLAGS.rabbit_virtual_host)</font></div>
<div><br></div><div>But this seems to be not secured connection, since I don't see here usage of SSL.</div><div>In rpc/impl_carrot.py:</div><div><div><font class="Apple-style-span" face="'courier new', monospace"> 66 params = dict(hostname=FLAGS.rabbit_host,</font></div>
<div><font class="Apple-style-span" face="'courier new', monospace"> 67 port=FLAGS.rabbit_port,</font></div><div><font class="Apple-style-span" face="'courier new', monospace"><b> 68 ssl=FLAGS.rabbit_use_ssl,</b></font></div>
<div><font class="Apple-style-span" face="'courier new', monospace"> 69 userid=FLAGS.rabbit_userid,</font></div><div><font class="Apple-style-span" face="'courier new', monospace"> 70 password=FLAGS.rabbit_password,</font></div>
<div><font class="Apple-style-span" face="'courier new', monospace"> 71 virtual_host=FLAGS.rabbit_virtual_host)</font></div></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">but I never tried this carrot and don't know if it works.</font></div>
<div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Can someone else clarify the question? It seems important in terms of security.</font></div>
<div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Thanks,</font></div><br><div class="gmail_quote">On Wed, Sep 21, 2011 at 2:20 PM, Joshua Harlow <span dir="ltr"><<a href="mailto:harlowja@yahoo-inc.com">harlowja@yahoo-inc.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div>
<font face="Calibri, Verdana, Helvetica, Arial"><span style="font-size:11pt">A quick security question.<br>
<br>
Is there any plan to force authentication/authorization of the rabbitmq messages?<br>
<br>
Right now it seems like keystone (tbd) will protect the external<->openstack layers but what about the openstack<->openstack layers.<br>
<br>
If someone got access to the rabbitmq it seems like without this kind of layer bad things could happen (create me 1000 nodes...).<br>
<br>
Has there been any thought in that area?<br>
<br>
-Josh<br>
<br>
</span></font>
</div>
<br>_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Mike Scherbakov<br>
</div>