[openstack-dev] [quantum] RPC communication agent to quantum server
Ravi Chunduru
ravivsn at gmail.com
Tue Feb 5 18:38:02 UTC 2013
In my opinion, the security option in RPC must be mandatory across all
components in opentstack instead of leaving it to the users to configure.
Eric,
Can I get the link to the BP.
Thanks,
-Ravi.
On Tue, Feb 5, 2013 at 6:47 AM, Eric Windisch <eric at cloudscaling.com> wrote:
>
>
>
> On Tuesday, February 5, 2013 at 06:19 AM, Gary Kotton wrote:
>
> > On 02/05/2013 04:52 AM, Dan Wendlandt wrote:
> > >
> > > On Mon, Feb 4, 2013 at 8:02 AM, Ravi Chunduru <ravivsn at gmail.com(mailto:
> ravivsn at gmail.com)> wrote:
> > > > Thanks Gary.
> > > >
> > > > I feel RPC should use keystone authentication else it is a security
> concern.
> > >
> > > My understanding is that depending on your config, certain of the
> message bus services used by openstack projects for RPC support basic auth,
> but I was not aware of any that used keystone. Keystone is generally used
> for authenticating access to the openstack rest APIs, either by tenants,
> admins, or others services (e.g., nova calling quantum).
> >
> > Dan, you are correct. Keystone is not used with the RPC.
> >
> > If the RPC is a concern then there is an configuration option to set
> this as encrypted. I have never tried it...
>
> As Gary implied, there is SSL support for RabbitMQ and Kombu. This
> provides confidentiality, but not confidence.
>
> I own a blueprint to implement signed messaging over RPC to provide
> confidence. However, it is at risk of missing the window for Grizzly. It is
> being actively worked on, but we got a late start.
>
> Regards,
> Eric Windisch
>
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
--
Ravi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130205/461166f3/attachment.html>
More information about the OpenStack-dev
mailing list