[Openstack] OS API server password generation

Ed Leafe ed at leafe.com
Thu Mar 3 15:57:14 UTC 2011

On Mar 3, 2011, at 10:36 AM, George Reese wrote:

> I don't agree with this approach.
> The current Cloud Servers approach is flawed. I wrote about this a year ago:
> http://broadcast.oreilly.com/2010/02/the-sacred-barrier.html

	FWIW, I agree with what you're saying. Please understand, though, that I don't make the decisions on how things are done in Rackspace. We used to handle instance creation differently, but once we started offering Windows VMs, things had to change. I know very little about the workings of Windows VMs, and what the options are for configuring security on them at instance creation time, so I can't speak to how feasible such a change would be.

> It's a mistake to send OpenStack pursuing a flaw in Cloud Servers.

	Again, you seem to have missed my point. OpenStack is *not* working on this. 

	I am part of the ozone team, and we are focusing on Rackspace-specific additions to the OpenStack codebase to enable OpenStack to be more or less a drop-in replacement to the current Cloud Servers. Once that changeover is accomplished, we can then focus on improvements and new features and all the other good stuff that the rest of the OpenStack community will come up with. It is wrong to assume that anything we are doing will somehow be forced onto OpenStack, or that anyone will be forced to accept what they see as compromised solutions. The agent approach we're using is entirely optional, and if you want to use such an agent-based approach, you can create your own agent to work how you want.

	Does *that* clear up things? Or do you still see this as an OpenStack problem?

-- Ed Leafe

More information about the Openstack mailing list