[openstack-dev] [nova] File injection, config drive and cloud-init

Mark Boo mrkzmrkz at gmail.com
Thu Jun 11 21:07:03 UTC 2015


Hello,

I've been doing some research about file injection in VM instances at boot
time, I found[1] that there are several ways of doing it, including
mounting images[2] (using guestfs, loops and nbd), using config drive
(creating a device and making it available to mount it in the instance) and
using the metadata service (cloud-init).

However I also found that file injection was disabled by default in the
Icehouse release[3]:
"File injection is now disabled by default in OpenStack Compute. Instead it
is recommended that the ConfigDrive and metadata server facilities are used
to modify guests at launch. To enable file injection modify the inject_key
and inject_partition configuration keys in /etc/nova/nova.conf and restart
the Compute services. The file injection mechanism is likely to be disabled
in a future release."

In addition, the blueprint[4] about this mentions that this could be
deprecated in the future:

"With ConfigDrive and Metadata service combined there is no need for
fiddling inside VM images at deployment time - images can consult metadata
locally (configdrive) or network (metadata service).
Disabling it by default is thus sane, and we can review whether to
deprecate and remove it entirely in future."


I've also asked in #openstack-operators (thanks to folks there for pointing
out all this useful information) for the most used way for injecting files
in instances and (IIRC) they said that cloud-init + config drive were the
common methods.

Now my questions are:

- Is this (file injection using image mounting) likely to be deprecated at
some point in the future?
- What functionality is missing (if any) in config drive / metadata service
solutions to completely replace file injection?
- Which of them is the fastest and most secure?

I would appreciate any comment or corrections in my research about this
topic, I'm still learning about Openstack :-)

[1] -
https://kimizhang.wordpress.com/2014/03/18/how-to-inject-filemetassh-keyroot-passworduserdataconfig-drive-to-a-vm-during-nova-boot/
[2] - https://www.berrange.com/posts/2012/11/15/692/
[3] -
https://wiki.openstack.org/wiki/ReleaseNotes/Icehouse#OpenStack_Compute_.28Nova.29
[4] -
https://blueprints.launchpad.net/nova/+spec/disable-file-injection-by-default

--
Simental Magana Marcos
GPG unsigned
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150611/cfc2c651/attachment.html>


More information about the OpenStack-dev mailing list