[Openstack-operators] Security Groups and Metadata Service
Matt Riedemann
mriedemos at gmail.com
Wed Dec 6 23:16:13 UTC 2017
On 12/5/2017 3:32 AM, Saverio Proto wrote:
> Hello,
>
> we have this recurring problem with our users.
>
> An advanced user deletes all the default security groups to create his
> own. This user will define only ingress rules.
>
> Because there is no egress rule, the cloud-init will fail to open a
> connection to the metadata service.
>
> The user will open a ticket that he cant login into the VM, because of
> corse the SSH key was not injected.
>
> Does anyone has a good solution to prevent the user from setting the
> system in a such a way that does not work ??
>
> thank you
>
> Saverio
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
There is a config option to force the config drive on the compute
service - can you just set that to True so you're sure all VMs in your
cloud have a config drive so they can get the goodies they need in case
they can't reach the metadata service?
--
Thanks,
Matt
More information about the OpenStack-operators
mailing list