[openstack-dev] [oslo][nova] Messaging: everything can talk to everything, and that is a bad thing

Jay Pipes
jaypipes at gmail.com
Tue Mar 22 13:28:45 UTC 2016

On 03/21/2016 09:43 PM, Adam Young wrote:
> I had a good discussion with the Nova folks in IRC today.
>
> My goal was to understand what could talk to what, and the short
> according to dansmith
>
> " any node in nova land has to be able to talk to the queue for any
> other one for the most part: compute->compute, compute->conductor,
> conductor->compute, api->everything. There might be a few exceptions,
> but not worth it, IMHO, in the current architecture."
>
> Longer conversation is here:
>   http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2016-03-21.log.html#t2016-03-21T17:54:27
>
> Right now, the message queue is a nightmare.  All sorts of sensitive
> information flows over the message queue: Tokens (including admin) are
> the most obvious.  Every piece of audit data. All notifications and all
> control messages.

It is indeed a nightmare, but not because of any security issues.

Solve security issues by isolating the management plane over which the
messages are sent. Do this using standard industry practice of firewall
rules.

Do NOT do this by adding ever more complexity to the setup and
configuration of the message queue itself.

-jay
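Jay's suggestion is to keep the broker reachable only from the management plane rather than encrypting or partitioning the queue itself. The following is an added example, not code from the thread or from OpenStack: it renders a host firewall ruleset (nftables syntax) for the broker host that accepts the AMQP port only from a management subnet, and mirrors that policy in Python so it can be evaluated offline against sample connections. The port (5672, RabbitMQ's default, which oslo.messaging commonly uses), the 10.10.0.0/24 management subnet and the sample source addresses are assumptions chosen for illustration.

```python
"""Isolating the message-queue plane with host firewall rules.

Added example (not from the mailing-list thread or OpenStack itself).
The subnet, port and sample addresses below are constructed assumptions.
"""
import ipaddress

# Assumptions: RabbitMQ's default AMQP port and a subnet that carries only
# control-plane (management) traffic. Compute, conductor and API nodes all
# live on MGMT_NET; tenant/data-plane addresses do not.
AMQP_PORT = 5672
MGMT_NET = ipaddress.ip_network("10.10.0.0/24")


def render_nft_rules(mgmt_net=MGMT_NET, amqp_port=AMQP_PORT):
    """Return an nftables ruleset for the broker host.

    Only connections to the AMQP port are constrained: sources inside the
    management subnet are accepted, every other source is dropped.
    """
    return "\n".join([
        "table inet mq_isolation {",
        "  chain input {",
        "    type filter hook input priority 0; policy accept;",
        f"    ip saddr {mgmt_net} tcp dport {amqp_port} accept",
        f"    tcp dport {amqp_port} drop",
        "  }",
        "}",
    ])


def is_allowed(src_ip, dst_port, mgmt_net=MGMT_NET, amqp_port=AMQP_PORT):
    """Evaluate the same policy in Python: True if the ruleset above would
    accept a connection from src_ip to dst_port on the broker host."""
    if dst_port != amqp_port:
        return True  # the ruleset leaves other ports to the chain policy
    return ipaddress.ip_address(src_ip) in mgmt_net


def audit(connections, mgmt_net=MGMT_NET, amqp_port=AMQP_PORT):
    """Given (src_ip, dst_port) pairs (e.g. from a connection log), return
    the ones the policy would drop, i.e. queue access from outside the
    management plane."""
    return [c for c in connections
            if not is_allowed(c[0], c[1], mgmt_net, amqp_port)]


if __name__ == "__main__":
    print(render_nft_rules())
    # Constructed sample: one management host, one data-plane host.
    sample = [("10.10.0.5", 5672), ("192.168.100.7", 5672), ("192.168.100.7", 443)]
    print("would be dropped:", audit(sample))
```

The point of the Python mirror is that the policy can be checked against broker connection records before the ruleset is applied, so an unexpected source talking to the queue shows up as a finding rather than as a production outage. A real deployment would normally pair this with a default-drop input policy and equivalent rules on every node that runs a RabbitMQ listener.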