Nova Instance user spec..... https://review.openstack.org/222293
We really really need to solve this. it is affecting almost every project in one way or another. Can we please get a summit session dedicated to the topic? Last summit we had only 10 minutes. :/ Thanks, Kevin ________________________________________ From: Adam Young [ayo...@redhat.com] Sent: Tuesday, April 05, 2016 3:00 PM To: OpenStack Development Mailing List Subject: [openstack-dev] [nova] Minimal secure identification of a new VM We have a use case where we want to register a newly spawned Virtual machine with an identity provider. Heat also has a need to provide some form of Identity for a new VM. Looking at the set of utilities right now, there does not seem to be a secure way to do this. Injecting files does not provide a path that cannot be seen by other VMs or machines in the system. For our use case, a short lived One-Time-Password is sufficient, but for others, I think asymmetric key generation makes more sense. Is the following possible: 1. In cloud-init, the VM generates a Keypair, then notifies the No0va infrastructure (somehow) that it has done so. 2. Nova Compute reads the public Key off the device and sends it to conductor, which would then associate the public key with the server? 3. A third party system could then validate the association of the public key and the server, and build a work flow based on some signed document from the VM? __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
