[openstack-dev] [nova] File injection, config drive and cloud-init

Michael Still mikal at stillhq.com
Thu Jun 11 22:34:05 UTC 2015


On Fri, Jun 12, 2015 at 7:07 AM, Mark Boo <mrkzmrkz at gmail.com> wrote:


> Now my questions are:
> - Is this (file injection using image mounting) likely to be deprecated at
> some point in the future?

Yes, we've been building up to that for a long time and I can't see is
not doing it. Its important because file injection is much harder to
make secure. We've had security vulnerabilities around file injection
in the past, and while I don't know of any at the moment we've decided
its best just to move to the other two mechanisms.

> - What functionality is missing (if any) in config drive / metadata service
> solutions to completely replace file injection?

None that I am aware of. In fact, these two other options provide you
with more data than you'd get with file injection.

> - Which of them is the fastest and most secure?

I don't think there's a speed difference between the two of them --
they both use the same backend to gather the data to expose. That
said, I think config drive is popular because its simple -- everyone
knows how to use a local disks.


Rackspace Australia

More information about the OpenStack-dev mailing list