[openstack-dev] Disabling file injection *by default*

Richard W.M. Jones rjones at redhat.com
Tue Jan 21 22:31:15 UTC 2014


On Wed, Jan 22, 2014 at 10:57:29AM +1300, Robert Collins wrote:
[...]

I'm a bit surprised that file injection is on by default.  I thought
it was disabled by default upstream.  (Just checked and it is enabled
as you say.)  So yes, file injection should be off by default, but
read below.

> There's nothing wrong with libguestfs, this is about the feature which
> has been discussed, here, a lot :) - for delivering metadata to
> images, config-drive || metadata service are much better.

I generally agree that it's nicer to use cloud-init etc. instead of
injection, although some (declining) number of guests that people want
to run might not have cloud-init.

The current file injection setting is tricky from the libguestfs point
of view because all we have is this "inject_partition" integer ... per
Nova instance!  The knob makes no sense since libguestfs can inspect
guests, and it definitely makes no sense that the user can't set it
when uploading a guest to glance or starting a guest.  [Or is this
possible?  I've never found a way]  This single "partition" setting is
a hang-over from some really ancient code that predates libguestfs
file injection, and we just reused and overloaded the same setting.

"inject_password" similarly.

> Hypervisors shouldn't be in the business of tinkering inside VM file
> systems at all.

Yes and no.  In theory there should be a clean separation.  In
practice libguestfs lets you do some wonderful things based on
tinkering inside VMs :-)

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 80 OCaml packages (the OPEN alternative to F#)


