[openstack-dev] [nova][ironic] making file injection optional / removing it

Day, Phil philip.day at hp.com
Wed May 8 05:19:01 UTC 2013


Personally I'd like to see it made optional for Nova as well - it doesn't work universally with guest operating systems, and with metadata server and config drive support providing two reasonable alternatives, I don't see any reason for Nova to need to inject files into the user's filesystem.

Phil

-----Original Message-----
From: Robert Collins [mailto:robertc at robertcollins.net] 
Sent: 07 May 2013 19:10
To: OpenStack Development Mailing List
Subject: [openstack-dev] [nova][ironic] making file injection optional / removing it

For baremetal, file injection is a scalability, security and performance headache.

With virtual nodes, the overheads of injection are spread around many hypervisors; for baremetal each nova-compute can potentially run 1000s of instances, so you have far fewer compute processes, and the relative overhead is much higher.

The image cache for nova compute doesn't help baremetal at all, as we have to copy the content to the node every time: we're planning on mitigating that with something to avoid bottlenecking on either glance or nova-compute - sharing the load between machines that are deploying the same image - e.g. bittorrent. File injection means we have a unique image or we have to transfer the content to be injected to the node being deployed on...

And from a security perspective, copying secrets - in particular the replacement root password - over the network in an insecure fashion is troubling. TFTP isn't encrypted, and that's the boot process for baremetal. A salted password is substantially safer, but that would mean a significant layering violation if we pass that separate to the image, and if we pass it by injecting on the nova-compute node, we now have a different image.

We could in principle generate a binary patch file to the image to apply after the identical base image, but we'd still need substantial complexity to ensure that scaled well and avoid issues when partition sizes are different etc.

So - we'd like to make file injection either optional, or ideally just make it not exist for bare metal.

Are there reasons we shouldn't/can't do that (e.g. is file injection a mandatory feature for a nova hypervisor driver?).

-Rob

--
Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Cloud Services
