openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #18286
Re: [ceilometer] Monitoring physical devices
On Mon, Nov 5, 2012 at 7:37 AM, Julien Danjou <julien@xxxxxxxxxxx> wrote:
> On Mon, Nov 05 2012, Doug Hellmann wrote:
>
> > If we make the current compute agent take an option telling it which
> > pollster namespace to use, then the same framework can load different
> > pollsters. However, there is a fundamental security issue with
> > communicating from an agent running inside a tenant's OS image using the
> > RPC stack. At DreamHost, and I suspect at other providers, that RPC
> network
> > is completely isolated from any tenant networks. We would not want a
> tenant
> > to be able to listen to the message bus, and definitely would not want it
> > to be able to write anything to the message bus.
>
> What makes you think an agent would run inside an instance? I mean, this
> is not what this is about, we're talking about hardware running OS.
>
When an image is deployed to bare metal, there is no container, right?
Doug
>
> --
> Julien Danjou
> # Free Software hacker & freelance
> # http://julien.danjou.info
>
Follow ups
References