Excerpts from Amrith Kumar's message of 2015-06-04 12:46:37 +0000: > John, > > Thanks for your note. I've updated the review at > https://review.openstack.org/#/c/186357/ with answers to some of your > questions (and I added you to that review). > > Trove's use-case like some of the other projects listed is different from > Glance in that Trove has a guest agent. I've tried to explain that in more > detail in patch set 5. I'd appreciate your comments.
We solved this in Akanda by placing the service VMs in a special tenant, isolating them with security group rules, and then giving the agent running in the VM a REST API connected to a private management network owned by the same tenant that owns the VM. All communication with the agent starts from a service on the outside, through that management network. The VMs act as routers, so they are also attached to the cloud-user's networks, but the agent doesn't respond on those networks. Doug __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev