[openstack-dev] [nova] Libguestfs: possibility not to use it, even when installed ?

Matthew Booth mbooth at redhat.com
Thu Feb 19 10:43:58 UTC 2015


On 18/02/15 18:23, Raphael Glon wrote:
> Hi,
> 
> This is about review:
> https://review.openstack.org/#/c/156633/
> 
> 1 line, can be controversial
> 
> Its purpose is to add the possibility not to use libguestfs for data
> injection in nova, even when installed.
> 
> Not discussing about the fact that libguestfs should be preferred over
> fuse mounts for data injection as much as possible because mounts are
> more subject to causing security issues (and already have in the past
> nova releases).
> 
> However, there are a lot of potential cases when libguestfs won't be
> usable for data injection
> 
> This was the case here (fixed):
> https://bugzilla.redhat.com/show_bug.cgi?id=984409
> 
> I entcountered a similar case more recently on powerkvm 2.1.0 (defect
> with the libguestfs)
> 
> So just saying it could be good adding a simple config flag (set to True
> by default, to keep the current behaviour untouched) to force nova not
> using libguestfs without having to uninstall it and thus prevent other
> users on the host from using it.

A big -1 to this. You seem to be saying that there were bugs in a
library, which were fixed. News at 11. This isn't a realistic way to
manage a large software stack.

Matt
-- 
Matthew Booth
Red Hat Engineering, Virtualisation Team

Phone: +442070094448 (UK)
GPG ID:  D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490



More information about the OpenStack-dev mailing list