[openstack-dev] [Oslo] oslo.messaging on VMs
Doug Hellmann
doug.hellmann at dreamhost.com
Thu Mar 6 16:33:19 UTC 2014
On Thu, Mar 6, 2014 at 10:25 AM, Dmitry Mescheryakov <
dmescheryakov at mirantis.com> wrote:
> Hello folks,
>
> A number of OpenStack and related projects have a need to perform
> operations inside VMs running on OpenStack. A natural solution would
> be an agent running inside the VM and performing tasks.
>
> One of the key questions here is how to communicate with the agent. An
> idea which was discussed some time ago is to use oslo.messaging for
> that. That is an RPC framework - what is needed. You can use different
> transports (RabbitMQ, Qpid, ZeroMQ) depending on your preference or
> connectivity your OpenStack networking can provide. At the same time
> there is a number of things to consider, like networking, security,
> packaging, etc.
>
> So, messaging people, what is your opinion on that idea? I've already
> raised that question in the list [1], but seems like not everybody who
> has something to say participated. So I am resending with the
> different topic. For example, yesterday we started discussing security
> of the solution in the openstack-oslo channel. Doug Hellmann at the
> start raised two questions: is it possible to separate different
> tenants or applications with credentials and ACL so that they use
> different queues? My opinion that it is possible using RabbitMQ/Qpid
> management interface: for each application we can automatically create
> a new user with permission to access only her queues. Another question
> raised by Doug is how to mitigate a DOS attack coming from one tenant
> so that it does not affect another tenant. The thing is though
> different applications will use different queues, they are going to
> use a single broker.
>
> Do you share Doug's concerns or maybe you have your own?
>
I would also like to understand why you don't consider Marconi the right
solution for this. It is supposed to be a message system that's safe to use
from within tenant images.
Doug
>
> Thanks,
>
> Dmitry
>
> [1]
> http://lists.openstack.org/pipermail/openstack-dev/2013-December/021476.html
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140306/8b72d865/attachment.html>
More information about the OpenStack-dev
mailing list