[openstack-dev] [Openstack] Improve inject network configuration
thierry at openstack.org
Fri Jul 12 08:43:01 UTC 2013
Brian Lamar wrote:
>> Honestly, I think network injection is evil and I'd rather remove it
>> completely. I'm certainly not too interested in trying to add more
>> features to it.
> Can you elaborate on this a little more? Do you not like file injection
> or dynamic network allocation?
It's an old discussion... in summary:

Nova inserting stuff pre-booting into the VM it runs = evil, brittle and
the source of countless past vulnerabilities

VMs auto-configuring at boot-time using cloud-init based on data
provided through generic input channels (config drive, metadata
servers...) = good

So this is not about disliking the ability to insert files or specify
network parameters for a VM, it's about who is in charge of actually
creating files and network configurations. Nova shouldn't have to learn
about the specificities of the VM image it runs, nor should it have to
mount VM filesystems before booting them. The VM itself should take care
of the translation based on standardized input (if it wants to).
> Can you provide alternative strategies that could be applied to solve
> the issue of dynamically bringing up interfaces or do you think this is
> out of the project scope (controlling the internals of VMs)?
Config-drive should pass that config to the VM, and cloud-init on the VM
should pick it up.
Thierry Carrez (ttx)
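
Added example, not part of the original message and not code from Nova or cloud-init: a minimal guest-side translator in the spirit of the approach described above, which treats the metadata as untrusted data and validates it before rendering a Debian-style interfaces stanza. The JSON field names, the `render_interfaces` function and the sample values are assumptions made for illustration.

```python
import ipaddress
import json
import re

# Constructed sample of what a guest might read from a config drive.
# The field names are assumptions of this example.
SAMPLE = json.dumps({
    "networks": [{"link": "eth0", "ip_address": "10.0.0.5",
                  "netmask": "255.255.255.0", "gateway": "10.0.0.1"}],
})

IFACE_RE = re.compile(r"[A-Za-z0-9_.-]{1,15}")


def render_interfaces(raw):
    """Validate the metadata, then render Debian-style interface stanzas."""
    stanzas = []
    for net in json.loads(raw).get("networks", []):
        name = str(net["link"])
        if not IFACE_RE.fullmatch(name):
            raise ValueError("rejected interface name %r" % (name,))
        # ipaddress raises ValueError for anything that is not a literal
        # address, so newlines or extra directives never reach the file.
        iface = ipaddress.IPv4Interface(
            "%s/%s" % (net["ip_address"], net["netmask"]))
        gateway = ipaddress.IPv4Address(net["gateway"])
        if gateway not in iface.network:
            raise ValueError("gateway %s outside %s" % (gateway, iface.network))
        stanzas.append(
            "auto {0}\niface {0} inet static\n"
            "    address {1}\n    netmask {2}\n    gateway {3}\n".format(
                name, iface.ip, iface.netmask, gateway))
    return "\n".join(stanzas)


if __name__ == "__main__":
    print(render_interfaces(SAMPLE))
```

The host only hands over data; the guest decides how to apply it and rejects anything that is not a well-formed name or address.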