[openstack-dev] Within a VM Instance, any method to access information that a cloud controller has?
Vishvananda Ishaya
vishvananda at gmail.com
Wed Jan 30 00:28:52 UTC 2013
On Jan 29, 2013, at 4:11 PM, Esun Kim <veblush+openstack at gmail.com> wrote:
>>> Hi!
>>>
>>> These days I try to find a way to let VM instances access information
>>> that a cloud controller has. VM instances already have a limited
>>> way to get information by using the server meta-data system.
>>> But meta-data doesn't look customizable and I'm not sure that this spot
>>> is a good starting point for providing additional data to VMs.
>>> I want to give a specific VM instance a full VM list in a tenant
>>> which is too big to be put into meta-data and dynamic.
>>>
>>> Any suggestions and experiences are welcome!
>>
>> I would suggest giving the vm credentials to hit the public api in this case.
>> Putting large dynamic data in metadata seems a bit messy.
>>
>> You could lock down role permissions a bit and create a role that only has
>> permission to list vms.
>>
>> Vish
>
> Thanks for your suggestion.
>
> You mean that to handle this problem,
>
> 1. Make a link between a VM instance and a cloud controller
> by configuring some network.
> 2. Treat a VM instance as a normal node (like a compute-node) and
> provide a service to a VM under the role control.

No, I'm suggesting that the vm acts as a user. The vm can access the
public api in the same way a normal user would by providing a username
and password to keystone and getting a token. You just need to ensure
that the user has a very limited set of capabilities so it can't
launch and terminate instances, etc.
Vish
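
An added example, not part of the original thread: a check that the account placed inside the VM can list servers and nothing else. It uses a simplified model of policy.json-style rules ("role:<name>", "rule:<alias>", " or ", and an empty rule meaning any authenticated user); the action names, role names and both sample policies are constructed for illustration and are not Nova's own rule names.

```python
def allowed(policy, name, roles, seen=frozenset()):
    """Return True if a user holding `roles` satisfies the rule called `name`."""
    rule = policy.get(name, policy.get("default"))
    if rule is None or name in seen:      # unknown rule or alias cycle: deny
        return False
    if rule == "":                        # empty rule: any authenticated user
        return True
    for term in rule.split(" or "):
        kind, _, value = term.strip().partition(":")
        if kind == "role" and value in roles:
            return True
        if kind == "rule" and allowed(policy, value, roles, seen | {name}):
            return True
    return False


def audit(policy, actions, roles, intended):
    """Return (expected, excess) actions granted to the in-VM account."""
    granted = [a for a in actions if allowed(policy, a, roles)]
    expected = sorted(a for a in granted if a in intended)
    excess = sorted(a for a in granted if a not in intended)
    return expected, excess


# Constructed action names (assumption, not Nova's real rule names).
ACTIONS = ["servers:list", "servers:create", "servers:delete"]

# Constructed policy where empty rules let every authenticated user do everything.
PERMISSIVE = {
    "admin": "role:admin",
    "servers:list": "",
    "servers:create": "",
    "servers:delete": "",
}

# Constructed policy where the hypothetical vm_reader role can only list.
LOCKED = {
    "admin": "role:admin",
    "member": "role:member or rule:admin",
    "servers:list": "role:vm_reader or rule:member",
    "servers:create": "rule:member",
    "servers:delete": "rule:member",
}

if __name__ == "__main__":
    for label, policy in (("permissive", PERMISSIVE), ("locked", LOCKED)):
        expected, excess = audit(policy, ACTIONS, {"vm_reader"}, {"servers:list"})
        print(label, "expected:", expected, "excess:", excess)
```

A non-empty excess list means that creating the limited role was not enough: the other rules still admit any token holder and have to be tightened as well.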