On Tue, Apr 2, 2019 at 10:17 AM Ben Nemec <openstack@nemebean.com> wrote:

Doesn't that make it _more_ important for the database nodes to not have
access to the control plane rabbitmq? If a VM gets compromised I'd much
rather that it not have access to a core piece of my infrastructure.

Yes, it does. That's why I said in the following that the communication model of Trove could be changed by making the guest agent only repond rather than sending request.

Lingxian Kong
Catalyst Cloud