[Openstack-operators] [nova] Metadata service over virtio-vsock

Artom Lifshitz alifshit at redhat.com
Mon Feb 20 18:22:36 UTC 2017


We've been having a discussion [1] in openstack-dev about how to best
expose dynamic metadata that changes over a server's lifetime to the
server. The specific use case is device role tagging with hotplugged
devices, where a network interface or volume is attached with a role
tag, and the guest would like to know what that role tag is right
away.

The metadata API currently fulfills this function, but my
understanding is that it's not hugely popular amongst operators and is
therefore not universally deployed.

Dan Berrange came up with an idea [2] to add virtio-vsock support to
Nova. To quote his explanation, "think of this as UNIX domain sockets
between the host and guest. [...] It'd likely address at least some
people's security concerns wrt metadata service. It would also fix the
ability to use the metadata service in IPv6-only environments, as we
would not be using IP at all."

So to those operators who are not deploying the metadata service -
what are your reasons for doing so, and would those concerns be
addressed by Dan's idea?

Cheers!

[1] http://lists.openstack.org/pipermail/openstack-dev/2017-February/112490.html
[2] http://lists.openstack.org/pipermail/openstack-dev/2017-February/112602.html

--
Artom Lifshitz


