[openstack-dev] [Openstack] Improve inject network configuration
robertc at robertcollins.net
Fri Jul 12 09:21:33 UTC 2013
On 12 July 2013 20:43, Thierry Carrez <thierry at openstack.org> wrote:
> Brian Lamar wrote:
>>> Honestly, I think network injection is evil and I'd rather remove it
>>> completely. I'm certainly not too interested in trying to add more
>>> features to it.
>> Can you elaborate on this a little more? Do you not like file injection
>> or dynamic network allocation?
> It's an old discussion... in summary:
> Nova inserting stuff pre-booting into the VM it runs = evil, brittle and
> the source of countless past vulnerabilities
> VMs auto-configuring at boot-time using cloud-init based on data
> provided through generic input channels (config drive, metadata
> servers...) = good
> So this is not about disliking the ability to insert files or specify
> network parameters for a VM, it's about who is in charge of actually
> creating files and network configurations. Nova shouldn't have to learn
> about the specificities of the VM image it runs, nor should it have to
> mount VM filesystems before booting them. The VM itself should take care
> of the translation based on standardized input (if it wants to).
>> Can you provide alternative strategies that could be applied to solve
>> the issue of dynamically brining up interfaces or do you think this is
>> out of the project scope (controlling the internals of VMs)?
> Config-drive should pass that config to the VM, and cloud-init on the VM
> should pick it up.
Or the instance should just auto-adjust. Chris Jones wrote some code
for that for tripleo, but we can't use it until we can disable file
injection... and I can't find where we stashed it.
Robert Collins <rbtcollins at hp.com>
HP Cloud Services
More information about the OpenStack-dev