Excerpts from Dmitry Mescheryakov's message of 2013-12-10 08:15:15 -0800: > Guys, > > I see two major trends in the thread: > > * use Salt > * write our own solution with architecture similar to Salt or MCollective > > There were points raised pro and contra both solutions. But I have a > concern which I believe was not covered yet. Both solutions use either > ZeroMQ or message queues (AMQP/STOMP) as a transport. The thing is there is > going to be a shared facility between all the tenants. And unlike all other > OpenStack services, this facility will be directly accessible from VMs, > which leaves tenants very vulnerable to each other. Harm the facility from > your VM, and the whole Region/Cell/Availability Zone will be left out of > service. > > Do you think that is solvable, or maybe I overestimate the threat? >
I think Salt would be thrilled if we tested and improved its resiliency to abuse. We're going to have to do that with whatever we expose to VMs. _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
