On Mon, Nov 5, 2012 at 7:37 AM, Julien Danjou <jul...@danjou.info> wrote:
> On Mon, Nov 05 2012, Doug Hellmann wrote: > > > If we make the current compute agent take an option telling it which > > pollster namespace to use, then the same framework can load different > > pollsters. However, there is a fundamental security issue with > > communicating from an agent running inside a tenant's OS image using the > > RPC stack. At DreamHost, and I suspect at other providers, that RPC > network > > is completely isolated from any tenant networks. We would not want a > tenant > > to be able to listen to the message bus, and definitely would not want it > > to be able to write anything to the message bus. > > What makes you think an agent would run inside an instance? I mean, this > is not what this is about, we're talking about hardware running OS. > When an image is deployed to bare metal, there is no container, right? Doug > > -- > Julien Danjou > # Free Software hacker & freelance > # http://julien.danjou.info >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp