[Openstack-operators] Security Groups and Metadata Service

Matt Riedemann mriedemos at gmail.com
Wed Dec 6 23:16:13 UTC 2017


On 12/5/2017 3:32 AM, Saverio Proto wrote:
> Hello,
> 
> we have this recurring problem with our users.
> 
> An advanced user deletes all the default security groups to create his
> own. This user will define only ingress rules.
> 
> Because there is no egress rule, the cloud-init will fail to open a
> connection to the metadata service.
> 
> The user will open a ticket that he can't log in to the VM, because of
> course the SSH key was not injected.
> 
> Does anyone have a good solution to prevent the user from setting the
> system in such a way that does not work?
> 
> thank you
> 
> Saverio
> 

There is a config option to force the config drive on the compute 
service - can you just set that to True so you're sure all VMs in your 
cloud have a config drive so they can get the goodies they need in case 
they can't reach the metadata service?

-- 

Thanks,

Matt
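
An added example, not part of the original thread: a check an operator could run over security group definitions to find groups with no egress rule that lets cloud-init reach the metadata service at 169.254.169.254 on TCP port 80. The rule fields follow the Neutron security group rule format; the group names and rules in SAMPLE_GROUPS are constructed for illustration.

```python
import ipaddress

METADATA_IP = ipaddress.ip_address("169.254.169.254")  # link-local metadata address
METADATA_PORT = 80

def rule_allows_metadata(rule):
    """True if one Neutron-style rule dict permits egress TCP to the metadata service."""
    if rule.get("direction") != "egress" or rule.get("ethertype") != "IPv4":
        return False
    if rule.get("protocol") not in (None, "tcp", "6", 6):  # None means any protocol
        return False
    if rule.get("remote_group_id"):
        # Destination is limited to members of another group; the metadata
        # address is not an instance port, so such a rule does not cover it.
        return False
    prefix = rule.get("remote_ip_prefix")
    if prefix and METADATA_IP not in ipaddress.ip_network(prefix, strict=False):
        return False
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if lo is None and hi is None:
        return True  # no port restriction
    lo = lo if lo is not None else hi
    hi = hi if hi is not None else lo
    return lo <= METADATA_PORT <= hi

def groups_blocking_metadata(groups):
    """Names of groups with no rule that lets an instance reach the metadata service."""
    return [g["name"] for g in groups
            if not any(rule_allows_metadata(r) for r in g.get("security_group_rules", []))]

def _rule(direction, protocol=None, port=None, prefix=None):
    # Helper for the constructed sample data below.
    return {"direction": direction, "ethertype": "IPv4", "protocol": protocol,
            "port_range_min": port, "port_range_max": port,
            "remote_ip_prefix": prefix, "remote_group_id": None}

# Constructed sample input, shaped like a security group listing.
SAMPLE_GROUPS = [
    {"name": "default", "security_group_rules": [_rule("egress")]},
    {"name": "ingress-only", "security_group_rules": [_rule("ingress", "tcp", 22, "0.0.0.0/0")]},
    {"name": "egress-https-only", "security_group_rules": [_rule("egress", "tcp", 443, "0.0.0.0/0")]},
    {"name": "egress-metadata", "security_group_rules": [_rule("egress", "tcp", 80, "169.254.169.254/32")]},
]

if __name__ == "__main__":
    for name in groups_blocking_metadata(SAMPLE_GROUPS):
        print("no egress path to metadata service:", name)
```

Security group rules are additive across all groups attached to a port, so a flagged group only breaks cloud-init when no other group on the same port allows the traffic.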


