[Openstack-operators] [openstack-dev] [nova] Is verification of images in the image cache necessary?

Michael Still mikal at stillhq.com
Tue May 24 21:21:34 UTC 2016


On Wed, May 25, 2016 at 3:28 AM, Dan Smith <dms at danplanet.com> wrote:

> > It was my impression we were trying to prevent bitrot, not defend
> > against an attacker that has gained control over the compute node.
>
> I think we've established that addressing bitrot at the nova layer is
> (far) out of scope and not something we want or need to do in nova.
>

Hi, guy from awkward timezone here.

I wrote this code, in approximately the diablo timeline. So, its been
around for a long time (before pluggable instance storage backends for
example).

Originally I wanted to just write the cache cleaner, because that was the
bit I really needed in my deployment. The image verification thing was
added at the request of the PTL at the time, presumably for good reasons I
can't recall any more.

That said, I think its time has passed. It cases a lot of disk IO,
especially if you imagine that we're trying to do a checksum on a file that
might be 100gb. If people really care about this sort of thing, I think an
optional boot time verification per instance would be a reasonable path to
explore.

So, I vote for removing image verification (but not image cache cleaning).

Michael

-- 
Rackspace Australia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160525/7f1a8e1a/attachment.html>


More information about the OpenStack-operators mailing list