[openstack-dev] [oslo][nova] Messaging: everything can talk to everything, and that is a bad thing

Jay Pipes jaypipes at gmail.com
Tue Mar 22 13:28:45 UTC 2016

On 03/21/2016 09:43 PM, Adam Young wrote:
> I had a good discussion with the Nova folks in IRC today.
> My goal was to understand what could talk to what, and the short
> according to dansmith
> " any node in nova land has to be able to talk to the queue for any
> other one for the most part: compute->compute, compute->conductor,
> conductor->compute, api->everything. There might be a few exceptions,
> but not worth it, IMHO, in the current architecture."
> Longer conversation is here:
>   http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2016-03-21.log.html#t2016-03-21T17:54:27
> Right now, the message queue is a nightmare.  All sorts of sensitive
> information flows over the message queue: Tokens (including admin) are
> the most obvious.  Every piece of audit data. All notifications and all
> control messages.

It is indeed a nightmare, but not because of any security issues.

Solve security issues by isolating the management plane over which the 
messages are sent. Do this using standard industry practice of firewall 

Do NOT do this by adding ever more complexity to the setup and 
configuration of the message queue itself.


More information about the OpenStack-dev mailing list