[openstack-dev] Trove : about trove-guestagent connecting to trove controller and rabbitmq

Li Tianqing jazeltq at 163.com
Sun Apr 19 04:35:41 UTC 2015


1) Can you give some best practice for trove?
2) What about the security for trove components?


--

Best
    Li Tianqing

At 2015-04-17 11:04:47, "Nikhil Manchanda" <nikhil at manchanda.me> wrote:

Hi Benoit:

The rabbitmq server that the trove components use to communicate with
each other doesn't (and in fact _shouldn't_) necessarily be the same
rabbitmq server that the core openstack services are using for
communcation.

In most real-world deployments of OpenStack Trove that I am aware of,
a separate in-cloud rabbitmq cluster is set up for Trove to use. The
Trove control plane (api / taskmanager / conductor) is also deployed
as a workload in the cloud and guest VMs also run as workloads in the
same cloud. Consequently, all communication happens between vms -- all
part of the same cloud. There isn't a necessity for the guest agent to
be able to communicate with the infrastructure rabbitmq server running
on bare-metal, so there really isn't a security concern here.

Hope this helps to clarify the situation,

Thanks,
Nikhil

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150419/72efee48/attachment.html>


More information about the OpenStack-dev mailing list