[openstack-dev] [oslo][nova] Messaging: everything can talk to everything, and that is a bad thing

Dan Smith dms at danplanet.com
Tue Mar 22 21:42:39 UTC 2016

>> Shouldn't we be trying to remove central bottlenecks by
>> decentralizing communications where we can?
> I think that's a good goal to continue having. Some deployers have
> setup firewalls between compute nodes, or between compute nodes and
> the database, so we use the conductor to facilitate communications
> between those nodes. But in general we don't want to send all
> communications through the conductor.

Yep, I think we generally look forward to having all the resize and
migrate communication coordinated through conductor, but not really for
security reasons specifically. However, I don't think that pumping
everything through conductor for, say, api->compute communication is
something we should do.

As several of us said in IRC yesterday, I'd really like nodes to be able
to authenticate the sender of a message and not do things based on who
sent it and whether that makes sense or not. Adding a bunch of
broker-specific configuration requirements to achieve a security goal
(and thus assuming the queue is never compromised) is not really where I
want to see us go.


More information about the OpenStack-dev mailing list