Open Stack

On Mon, 13 May 2013, Devananda van der Veen wrote:

> On Mon, May 13, 2013 at 9:47 AM, Scott Moser <smoser at ubuntu.com> wrote:
>
> > On Fri, 10 May 2013, Clint Byrum wrote:
> >

> > I largely agree here, but we have config-drive in nova.  I think it makes
> > sense to have an analog in bare metal provisioning.  In bare metal, it
> > would actually allow the nodes to never have access to the management
> > network while in "user" possession (ie, detach pxe/management network
> > after system installed).
> >
> >
> Config drive for baremetal seems possible for some (but not all) hardware.
> Clearly, we'll need to support multiple deployment models :)

Can you give an example of what hardware would not be supported?

> However, detaching from the management network seems like less than great
> security to me. The moment that the user requests any management of their
> instance be performed, you'll have to reconnect it to the management
> network *before* you can power it down (or do what ever else you need).
> There is still a clear (though perhaps shorter) window where the tenant has
> access to the management network.

> Also, the management network is the only vector for the cloud operator to
> monitor the health of a bare metal instance (eg., poll power state and hw
> sensors over IPMI). Not having that visibility seems, well, like a bad idea
> to me.

You seem to assume there that ipmi or other power control is on the same
network as the pxe boot or other network that the user needs to use.
I dont think that is necessarily true. That may be a silly/broken
limitation of ipmi (ipmi does have shortcomings for untrusted occupant).