[Openstack-operators] Security Groups and Metadata Service
mriedemos at gmail.com
Wed Dec 6 23:16:13 UTC 2017
On 12/5/2017 3:32 AM, Saverio Proto wrote:
> we have this recurring problem with our users.
> An advanced user deletes all the default security groups to create his
> own. This user will define only ingress rules.
> Because there is no egress rule, the cloud-init will fail to open a
> connection to the metadata service.
> The user will open a ticket that he cant login into the VM, because of
> corse the SSH key was not injected.
> Does anyone has a good solution to prevent the user from setting the
> system in a such a way that does not work ??
> thank you
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
There is a config option to force the config drive on the compute
service - can you just set that to True so you're sure all VMs in your
cloud have a config drive so they can get the goodies they need in case
they can't reach the metadata service?
More information about the OpenStack-operators