Hello.

Currently, when using a network with ConfigDrive, the generated iso will remain attached to the virtual machine. The said iso contains sensitive information such as the root password, which is a complete security nightmare. It seems that it also keeps resetting the root password to the one present on ConfigDrive on each reboot, even if no other userdata has changed, as a consequence of staying attached. That would be a disaster in production environments. This one could be our misconfiguration, but it does not happen when using Virtual Router cloud config.
Is there any built-in way to eject and destroy the ConfigDrive iso after it has been used by the VM or a subsequent boot has been performed? Removing the iso with external tools will only have CloudStack return it on the next boot. Having a plain-text root password in /dev/sr0 available to anyone is far from ideal, as I'm sure all of you can imagine.

We are using XCP-ng as our hypervisor, and if we look at how Xen Orchestra deals with ConfigDrive, it offers an option to destroy the cloud config drive after first boot.

Lugupidamisega / Best regards,
Joann Mõndresku
Süsteemiadministraator | Systems Administrator | [email protected]
WaveCom AS | ISO 9001, 27001 & 27017 Certified DC and Cloud services
Endla 16, Tallinn 10142 | www.wavecom.ee | www.facebook.com/wavecom.ee
