On 12 July 2013 20:43, Thierry Carrez <[email protected]> wrote:
> Brian Lamar wrote:
>>> Honestly, I think network injection is evil and I'd rather remove it
>>> completely. I'm certainly not too interested in trying to add more
>>> features to it.
>>
>> Can you elaborate on this a little more? Do you not like file injection
>> or dynamic network allocation?
>
> It's an old discussion... in summary:
>
> Nova inserting stuff pre-booting into the VM it runs = evil, brittle and
> the source of countless past vulnerabilities
>
> VMs auto-configuring at boot-time using cloud-init based on data
> provided through generic input channels (config drive, metadata
> servers...) = good
>
> So this is not about disliking the ability to insert files or specify
> network parameters for a VM, it's about who is in charge of actually
> creating files and network configurations. Nova shouldn't have to learn
> about the specificities of the VM image it runs, nor should it have to
> mount VM filesystems before booting them. The VM itself should take care
> of the translation based on standardized input (if it wants to).
>
>> Can you provide alternative strategies that could be applied to solve
>> the issue of dynamically bringing up interfaces or do you think this is
>> out of the project scope (controlling the internals of VMs)?
>
> Config-drive should pass that config to the VM, and cloud-init on the VM
> should pick it up.

Or the instance should just auto-adjust. Chris Jones wrote some code for
that for tripleo, but we can't use it until we can disable file
injection... and I can't find where we stashed it. Chris?

-Rob

--
Robert Collins <[email protected]>
Distinguished Technologist
HP Cloud Services
