[openstack-dev] Unified Guest Agent proposal

Fox, Kevin M kevin.fox at pnnl.gov
Mon Dec 16 17:10:29 UTC 2013


The idea being discussed is using 169.254.169.254 for long-term messaging between a VM and some other process. For example, Trove -> TroveVM.

I guess this thread is getting too long. The details are getting lost.

Thanks,
Kevin


________________________________________
From: Lars Kellogg-Stedman [lars at redhat.com]
Sent: Monday, December 16, 2013 8:18 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] Unified Guest Agent proposal

On Fri, Dec 13, 2013 at 11:32:01AM -0800, Fox, Kevin M wrote:
> I hadn't thought about that use case, but that does sound like it
> would be a problem.

That, at least, is not much of a problem, because you can block access
to the metadata via a blackhole route or similar after you complete
your initial configuration:

  ip route add blackhole 169.254.169.254

This prevents access to the metadata unless someone already has root
access on the instance.

--
Lars Kellogg-Stedman <lars at redhat.com> | larsks @ irc
Cloud Engineering / OpenStack          | "   "  @ twitter
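
A check for the blackhole approach described above, as an added example that is not part of the original thread: it classifies `ip -4 route show` output to confirm the metadata address is really blocked. The function name, sample tables and addresses are constructed; treating `unreachable` and `prohibit` routes as blocking, and metric ties as still routed, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): check that the metadata address is
# actually blocked after running `ip route add blackhole 169.254.169.254`.
METADATA_IP=169.254.169.254

# Reads `ip -4 route show` output on stdin and prints one of:
#   blocked   - a blackhole/unreachable/prohibit host route wins
#   routed    - a unicast host route wins or ties, metadata may be reachable
#   unblocked - no host route; a broader route (default, link-local) applies
metadata_route_state() {
    awk -v ip="$METADATA_IP" '
        # Metric of the current route line; the kernel default is 0.
        function metric(   i) {
            for (i = 1; i < NF; i++)
                if ($i == "metric") return $(i + 1) + 0
            return 0
        }
        function is_target(dst) { return dst == ip || dst == (ip "/32") }

        $1 ~ /^(blackhole|unreachable|prohibit)$/ && is_target($2) {
            m = metric()
            if (!have_block || m < block) { block = m; have_block = 1 }
            next
        }
        is_target($1) {
            m = metric()
            if (!have_uni || m < uni) { uni = m; have_uni = 1 }
        }
        END {
            if (have_uni && (!have_block || uni <= block)) print "routed"
            else if (have_block) print "blocked"
            else print "unblocked"
        }
    '
}

# Constructed sample: table after the blackhole route was added.
SAMPLE_AFTER='default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.5
blackhole 169.254.169.254'
# Constructed sample: a unicast host route with a lower metric still wins.
SAMPLE_SHADOWED='default via 10.0.0.1 dev eth0
169.254.169.254 via 10.0.0.2 dev eth0
blackhole 169.254.169.254 metric 100'

printf '%s\n' "$SAMPLE_AFTER" | metadata_route_state      # blocked
printf '%s\n' "$SAMPLE_SHADOWED" | metadata_route_state   # routed
```

On a live instance, run `ip -4 route show | metadata_route_state`. A route added with `ip route add` does not persist across reboots, so repeat the check after boot.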



