openstack team mailing list archive

Thread
Date

Re: Messaging level auth

To: Joshua Harlow <harlowja@xxxxxxxxxxxxx>
From: l jv <ljvsss@xxxxxxxxx>
Date: Sun, 2 Oct 2011 09:27:04 +0800
Cc: openstack <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAAD0A0C.25226%harlowja@yahoo-inc.com>

If i am not wrong,the rabbitmq have a password

2011/10/2 Joshua Harlow <harlowja@xxxxxxxxxxxxx>

>  The question is more along the lines of this:
>
> So say u have ssl enabled, which is good.
>
> But should all actions/messages on the message queue also be verified
> before they are applied as coming from the correct user?
>
> Say u have an initial API call that says make me a server for user X.
>
> Now the scheduler gets that, it should then again verify that X can make a
> server (and so on).
>
> This kind of verification (time sensitive also) should seem like it would
> be useful, complimenting SSL for each component that receives a message.
>
> This would stop malicious (or limit) users hacking the message queue and
> spawning requests themselves. Just a thought.
>
>
> On 9/29/11 8:11 PM, "Mike Scherbakov" <mihgen@xxxxxxxxx> wrote:
>
> Joshua,
> your question scares me :)
>
> Actually you can define user/pass for rabbitmq:
> See in rpc/impl_kombu.py, which is used by default:
>  308         self.params = dict(hostname=FLAGS.rabbit_host,
>  309                           port=FLAGS.rabbit_port,
>  310                           userid=FLAGS.rabbit_userid,
>  311                           password=FLAGS.rabbit_password,
>  312                           virtual_host=FLAGS.rabbit_virtual_host)
>
> But this seems to be not secured connection, since I don't see here usage
> of SSL.
> In rpc/impl_carrot.py:
>   66             params = dict(hostname=FLAGS.rabbit_host,
>   67                           port=FLAGS.rabbit_port,
> *  68                           ssl=FLAGS.rabbit_use_ssl,
> *  69                           userid=FLAGS.rabbit_userid,
>   70                           password=FLAGS.rabbit_password,
>   71                           virtual_host=FLAGS.rabbit_virtual_host)
> but I never tried this carrot and don't know if it works.
>
> Can someone else clarify the question? It seems important in terms of
> security.
>
> Thanks,
>
> On Wed, Sep 21, 2011 at 2:20 PM, Joshua Harlow <harlowja@xxxxxxxxxxxxx>
> wrote:
>
> A quick security question.
>
> Is there any plan to force authentication/authorization of the rabbitmq
> messages?
>
> Right now it seems like keystone (tbd) will protect the
> external<->openstack layers but what about the openstack<->openstack layers.
>
> If someone got access to the rabbitmq it seems like without this kind of
> layer bad things could happen (create me 1000 nodes...).
>
> Has there been any thought in that area?
>
> -Josh
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>

Follow ups

Re: Messaging level auth
From: Mike Scherbakov, 2011-10-02

References

Re: Messaging level auth
From: Mike Scherbakov, 2011-09-30
Re: Messaging level auth
From: Joshua Harlow, 2011-10-02