[openstack-dev] [nova][ironic] making file injection optional / removing it

Michael Still mikal at stillhq.com
Wed May 8 07:03:37 UTC 2013


I would not say that file injection is a requirement at the moment for
a nova hypervisor driver. In fact, there's been discussion for a
couple of releases about turning it off for everyone. I'd like to see
it deprecated in Havana for removal in Incarceration [1] if at all
possible. Some more discussion of if that's possible would be nice.

However, I do think you need to support configdrive if you're not
doing file injection. I say this because some deployments cannot use
the metadata server (for example, network policy may not allow instances
to talk to infrastructure nodes). So, I think having that would be
good.

Michael

1: Or whatever we call the I release.

On Wed, May 8, 2013 at 12:09 PM, Robert Collins
<robertc at robertcollins.net> wrote:
> For baremetal, file injection is a scalability, security and
> performance headache.
>
> With virtual nodes, the overheads of injection are spread around many
> hypervisors; for baremetal each nova-compute can potentially run
> 1000s of instances, so you have far fewer compute processes, and the
> relative overhead is much higher.
>
> The image cache for nova compute doesn't help baremetal at all, as we
> have to copy the content to the node every time: we're planning on
> mitigating that with something to avoid bottlenecking on either glance
> or nova-compute - sharing the load between machines that are deploying
> the same image - e.g. bittorrent. File injection means we have a
> unique image or we have to transfer the content to be injected to the
> node being deployed on...
>
> And from a security perspective, copying secrets - in particular the
> replacement root password - over the network in an insecure fashion is
> troubling. TFTP isn't encrypted, and that's the boot process for
> baremetal. A salted password is substantially safer, but that would
> mean a significant layering violation if we pass that separate to the
> image, and if we pass it by injecting on the nova-compute node, we now
> have a different image.
>
> We could in principle generate a binary patch file to the image to
> apply after the identical base image, but we'd still need substantial
> complexity to ensure that scaled well and avoid issues when partition
> sizes are different etc.
>
> So - we'd like to make file injection either optional, or ideally just
> make it not exist for bare metal.
>
> Are there reasons we shouldn't/can't do that (e.g. is file injection a
> mandatory feature for a nova hypervisor driver?).
>
> -Rob
>
> --
> Robert Collins <rbtcollins at hp.com>
> Distinguished Technologist
> HP Cloud Services