Brian Lamar wrote:
>> Honestly, I think network injection is evil and I'd rather remove it
>> completely. I'm certainly not too interested in trying to add more
>> features to it.
>
> Can you elaborate on this a little more? Do you not like file injection
> or dynamic network allocation?

It's an old discussion... in summary:

Nova inserting stuff pre-booting into the VM it runs = evil, brittle and the source of countless past vulnerabilities

VMs auto-configuring at boot-time using cloud-init based on data provided through generic input channels (config drive, metadata servers...) = good

So this is not about disliking the ability to insert files or specify network parameters for a VM, it's about who is in charge of actually creating files and network configurations. Nova shouldn't have to learn about the specificities of the VM image it runs, nor should it have to mount VM filesystems before booting them. The VM itself should take care of the translation based on standardized input (if it wants to).

> Can you provide alternative strategies that could be applied to solve
> the issue of dynamically bringing up interfaces or do you think this is
> out of the project scope (controlling the internals of VMs)?

Config-drive should pass that config to the VM, and cloud-init on the VM should pick it up.

--
Thierry Carrez (ttx)

_______________________________________________
OpenStack-dev mailing list
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
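
Added example, not part of the original message and not code from Nova or cloud-init: a sketch of the guest-side translation the message describes, where the VM reads a generic network description and renders its own distro-specific configuration. The JSON schema, `SAMPLE_CONFIG` and `render_interfaces` are assumptions made for illustration, not the actual config-drive format.

```python
import ipaddress
import json
import re

# Constructed sample of what a host could place on a config drive.
# The schema is hypothetical, not OpenStack's actual format.
SAMPLE_CONFIG = json.dumps({
    "interfaces": [
        {"name": "eth0", "address": "10.0.0.5", "netmask": "255.255.255.0",
         "gateway": "10.0.0.1"},
        {"name": "eth1", "dhcp": True},
    ]
})

# Strict pattern: no whitespace or newlines can reach the rendered file.
IFACE_NAME = re.compile(r"[a-z][a-z0-9]{0,14}")


def _ip(value):
    """Return the canonical text of an IPv4 address or raise ValueError."""
    return str(ipaddress.IPv4Address(value))


def render_interfaces(config_text):
    """Translate the generic description into Debian-style stanzas.

    Runs inside the guest: the host only supplies data and never has to
    mount the guest filesystem or know which distro is installed.
    """
    stanzas = []
    for iface in json.loads(config_text)["interfaces"]:
        name = iface.get("name")
        if not isinstance(name, str) or not IFACE_NAME.fullmatch(name):
            raise ValueError("bad interface name: %r" % (name,))
        if iface.get("dhcp"):
            stanzas.append("auto %s\niface %s inet dhcp\n" % (name, name))
            continue
        lines = ["auto %s" % name, "iface %s inet static" % name,
                 "    address %s" % _ip(iface["address"]),
                 "    netmask %s" % _ip(iface["netmask"])]
        if "gateway" in iface:
            lines.append("    gateway %s" % _ip(iface["gateway"]))
        stanzas.append("\n".join(lines) + "\n")
    return "\n".join(stanzas)


if __name__ == "__main__":
    print(render_interfaces(SAMPLE_CONFIG))
```

Every field is validated before it is written, so the supplied data cannot add extra lines to the guest's configuration file.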
