[openstack-dev] [nova] Device tagging: rebuild config drive upon instance reboot to refresh metadata on it

Daniel P. Berrange berrange at redhat.com
Mon Feb 27 15:33:26 UTC 2017


On Mon, Feb 27, 2017 at 10:30:33AM -0500, Artom Lifshitz wrote:
> >  - virtio-vsock - think of this as UNIX domain sockets between the host and
> >    guest.  This is to deal with the valid use case of people wanting to use
> >    a network protocol, but not wanting a real NIC exposed to the guest/host
> >    for security concerns. As such I think it'd be useful to run the metadata
> >    service over virtio-vsock as an option. It'd likely address at least some
> >    people's security concerns wrt metadata service. It would also fix the
> >    ability to use the metadata service in IPv6-only environments, as we would
> >    not be using IP at all :-)
> 
> Is this currently exposed by libvirt? I had a look at [1] and couldn't
> find any mention of 'vsock' or anything that resembles what you've
> described.

Not yet. The basic QEMU feature merged in 2.8.0, but we're still wiring
up various bits of userspace, e.g. selinux-policy, libvirt, nfs server, and
so on, to understand vsock.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|


