[openstack-dev] [quantum] RPC communication agent to quantum server
Ravi Chunduru
ravivsn at gmail.com
Mon Feb 4 16:02:59 UTC 2013
Thanks Gary.
I feel RPC should use keystone authentication, else it is a security concern.
On Mon, Feb 4, 2013 at 4:06 AM, Gary Kotton <gkotton at redhat.com> wrote:
> On 02/03/2013 07:43 PM, Ravi Chunduru wrote:
>
> Gary,
> Thanks for the pointers on L3 agent.
> Will there be a keystone authentication for l2 agents in Grizzly?
>
>
> No, for the agents using the RPC communication there is no keystone
> authentication. This is another channel of communication. It is similar to
> that in nova. Each of the modules is able to send one another messages.
>
>
> Thanks,
> -Ravi
>
>
> On Sun, Feb 3, 2013 at 7:19 AM, Gary Kotton <gkotton at redhat.com> wrote:
>
>> On 02/02/2013 07:52 PM, Ravi Chunduru wrote:
>>
>> L3 agent uses Qclient to communicate with Quantum server while Plugin
>> agents used RPC.
>> I understand there is a BP for L3 agent to use RPC in coming days.
>>
>>
>> Hi Ravi,
>> In Grizzly the L3 agent makes use of the RPC to interface with the
>> Quantum plugin. In Folsom the L3 agent makes use of the Quantum client API
>> to retrieve the l3 data.
>> Yes, there is keystone authentication. Can you please look at:
>>
>> https://github.com/openstack/quantum/blob/stable/folsom/quantum/agent/l3_agent.py#L120
>> This is via the parameters in the INI file:
>>
>> https://github.com/openstack/quantum/blob/stable/folsom/etc/l3_agent.ini#L13
>>
>>
>>
>> I was going through OVS agent code, found that it does not authenticate
>> with keystone, which I feel is a security concern.
>>
>>
>> The code that you are referring to is most probably for the l2 agent
>> interface.
>>
>> self.rpc_context = context.RequestContext('quantum', 'quantum', is_admin=False)
>>
>> auth token is not sent while creating context.
>>
>> Any considerations to do that way?
>>
>> Thanks,
>>
>> --
>> Ravi
>>
>>
>
>
> --
> Ravi
>
>
>
--
Ravi