[Openstack-operators] Security Groups and Metadata Service

Matt Riedemann mriedemos at gmail.com
Wed Dec 6 23:16:13 UTC 2017

On 12/5/2017 3:32 AM, Saverio Proto wrote:
> Hello,
> we have this recurring problem with our users.
> An advanced user deletes all the default security groups to create his
> own. This user will define only ingress rules.
> Because there is no egress rule, the cloud-init will fail to open a
> connection to the metadata service.
> The user will open a ticket that he cant login into the VM, because of
> corse the SSH key was not injected.
> Does anyone has a good solution to prevent the user from setting the
> system in a such a way that does not work ??
> thank you
> Saverio
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

There is a config option to force the config drive on the compute 
service - can you just set that to True so you're sure all VMs in your 
cloud have a config drive so they can get the goodies they need in case 
they can't reach the metadata service?




More information about the OpenStack-operators mailing list