+1 This was our concern also with Trove. If a tenant DoSes Trove we probably don't all get fired. The rest of rabbit is just too important to risk sharing. On Sun, Sep 18, 2016 at 6:53 PM, Sam Morrison <sorrison at gmail.com> wrote: > We run completely separate clusters. I’m sure vhosts give you acceptable > security but it means also sharing disk and ram which means if something > went awry and generated lots of messages etc. it could take your whole > rabbit cluster down. > > Sam > > > > On 17 Sep 2016, at 3:34 PM, Joe Topjian <joe at topjian.net> wrote: > > > > Hi all, > > > > We're planning to deploy Murano to one of our OpenStack clouds and I'm > debating the RabbitMQ setup. > > > > For background: the Murano agent that runs on instances requires access > to RabbitMQ. Murano is able to be configured with two RabbitMQ services: > one for traditional OpenStack communication and one for the Murano/Agent > communication. > > > > From a security/segregation point of view, would vhost separation on our > existing RabbitMQ cluster be sufficient? Or is it recommended to have an > entirely separate cluster? > > > > As you can imagine, I'd like to avoid having to manage *two* RabbitMQ > clusters. :) > > > > Thanks, > > Joe > > _______________________________________________ > > OpenStack-operators mailing list > > OpenStack-operators at lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160918/adcf6081/attachment.html>