On Wed, 7 Aug 2013, Uri Simchoni wrote: > ---------------------------------------- > > Date: Wed, 7 Aug 2013 18:25:47 +1200 > > From: [email protected] > > To: [email protected] > > Subject: Re: [openstack-dev] Nova config drive rebuilding > > > > On 7 August 2013 18:08, Uri Simchoni <[email protected]> wrote: > >> Hi, > >> > >> As far as I can tell (from testing and looking at the code, at least for > >> libvirt driver), the config drive is not rebuilt after initial spawning > >> (except for some migration scenarios), which means the guest cannot see > >> updates to its metadata. > >> > >> Is this a valid statement, and would it make sense to have the disk > >> rebuilt on events such as suspend/resume or stop/start? > > > > Thats certainly my understanding and one of the reasons I dislike it :). > > > > Looking at the http-based alternative, can it be made to be more secure? > On my OVS-based system I was able to easily steal the metadata of > another instance on the same network by changing my instance's IP > address. It appears to be suitable only for publishing things to > instances, but not for sharing secrets.
That would appear to be a security issue. AFAIK, that is not intended. Please open a bug. _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
