Create OpenStack VMs in few seconds

Sean Mooney smooney at redhat.com
Tue Mar 30 12:51:02 UTC 2021


On 30/03/2021 13:23, open infra wrote:
>
>
> On Thu, Mar 25, 2021 at 8:17 PM Sean Mooney <smooney at redhat.com 
> <mailto:smooney at redhat.com>> wrote:
>
>     This is a demo of a third party extention that was never upstreamed.
>
>     nova does not support create a base vm and then doing a local live
>     migration or restore for memory snapshots to create another vm.
>
> I just need to understand the risk and impact here but not desperately 
> trying to use the technology.
> Let say there won't be multiple tenants, but different users supposed 
> to access stateless VMs.
> Is it still secure?

you will need to ask the third party vendor who forked openstack to 
produce it.
in general i dont think cross projefct/teant shareing of stateless vm 
memory would be safe.
we dont know why the image is loading into memory  when it boots.
within the same project it might be but upstream cant really say since 
we have not review that code.
what i would be most worried about is any keys that might be loaded by 
cloud init or similar that would be differnt
between instances. im skeptical that this is actually a generic solution 
that should be implemented in a cloud environment.

>
>     this approch likely has several security implciations that would
>     not be
>     accpeatable in a multi tenant enviornment.
>
>     we have disucssed this type of vm creation in the past and determined
>     that it is not a valid implematnion of spawn. a virt driver that
>     precreate vms or copys an existing instance can be faster but that
>     virt
>     driver is not considered a compliant implementation.
>
>     so in short there is no way to achive this today in a compliant
>     openstack powered cloud.
>
>




More information about the openstack-discuss mailing list