[openstack-dev] Nova config drive rebuilding
uri_simchoni at hotmail.com
Wed Aug 7 06:42:20 UTC 2013
> Date: Wed, 7 Aug 2013 18:25:47 +1200
> From: robertc at robertcollins.net
> To: openstack-dev at lists.openstack.org
> Subject: Re: [openstack-dev] Nova config drive rebuilding
> On 7 August 2013 18:08, Uri Simchoni <uri_simchoni at hotmail.com> wrote:
>> As far as I can tell (from testing and looking at the code, at least for libvirt driver), the config drive is not rebuilt after initial spawning (except for some migration scenarios), which means the guest cannot see updates to its metadata.
>> Is this a valid statement, and would it make sense to have the disk rebuilt on events such as suspend/resume or stop/start?
> That's certainly my understanding and one of the reasons I dislike it :).
Looking at the http-based alternative, can it be made to be more secure? On my OVS-based system I was able to easily steal the metadata of another instance on the same network by changing my instance's IP address. It appears to be suitable only for publishing things to instances, but not for sharing secrets.