On 30/03/2021 13:23, open infra wrote:
On Thu, Mar 25, 2021 at 8:17 PM Sean Mooney <smooney@redhat.com> wrote:
This is a demo of a third party extension that was never upstreamed.
nova does not support creating a base vm and then doing a local live migration or restore for memory snapshots to create another vm.
I just need to understand the risk and impact here but not desperately trying to use the technology. Let's say there won't be multiple tenants, but different users are supposed to access stateless VMs. Is it still secure?
you will need to ask the third party vendor who forked openstack to produce it. in general i don't think cross project/tenant sharing of stateless vm memory would be safe. we don't know why the image is loading into memory when it boots. within the same project it might be but upstream can't really say since we have not reviewed that code. what i would be most worried about is any keys that might be loaded by cloud init or similar that would be different between instances. i'm skeptical that this is actually a generic solution that should be implemented in a cloud environment.
this approach likely has several security implications that would not be acceptable in a multi tenant environment.
we have discussed this type of vm creation in the past and determined that it is not a valid implementation of spawn. a virt driver that precreates vms or copies an existing instance can be faster but that virt driver is not considered a compliant implementation.
so in short there is no way to achieve this today in a compliant openstack powered cloud.