[openstack-dev] Unified Guest Agent proposal

Dmitry Mescheryakov dmescheryakov at mirantis.com
Mon Dec 9 19:15:13 UTC 2013


2013/12/9 Kurt Griffiths <kurt.griffiths at rackspace.com>

>  This list of features makes me *very* nervous from a security
> standpoint. Are we talking about giving an agent an arbitrary shell command
> or file to install, and it goes and does that, or are we simply triggering
> a preconfigured action (at the time the agent itself was installed)?
>
>
I believe the agent must execute only a set of preconfigured actions
exactly due to security reasons. It should be up to the using project
(Savanna/Trove) to decide which actions must be exposed by the agent.



>   From: Steven Dake <sdake at redhat.com>
> Reply-To: OpenStack Dev <openstack-dev at lists.openstack.org>
> Date: Monday, December 9, 2013 at 11:41 AM
> To: OpenStack Dev <openstack-dev at lists.openstack.org>
>
> Subject: Re: [openstack-dev] Unified Guest Agent proposal
>
>  In terms of features:
> * run shell commands
> * install files (with selinux properties as well)
> * create users and groups (with selinux properties as well)
> * install packages via yum, apt-get, rpm, pypi
> * start and enable system services for systemd or sysvinit
> * Install and unpack source tarballs
> * run scripts
> * Allow grouping, selection, and ordering of all of the above operations
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131209/485188fc/attachment.html>


More information about the OpenStack-dev mailing list