[Openstack] How should an instance learn what tenant it is in?
Bhandaru, Malini K
malini.k.bhandaru at intel.com
Wed Jun 17 03:36:24 UTC 2015
Andrew, other ways information is passed to an instance is via the config drive, through pre- and post-scripts that run after instance launch.
That is how ssh keys are injected into an instance to facillitate secure login.
How about those techniques. Less of a hack?
-----Original Message-----
From: Andrew Bogott [mailto:abogott at wikimedia.org]
Sent: Tuesday, June 16, 2015 6:46 PM
To: openstack at lists.openstack.org
Subject: [Openstack] How should an instance learn what tenant it is in?
I have many uses cases in which an instance needs to know what project it is in. Right now I accomplish this through an intricate hack which involves hooking instance creation and writing the tenant name to an ldap record.
I'm considering rewriting this hack to write the tenant name into the metadata directly, but that will still be a hack. Is there an obvious, implemented solution to this that I'm missing? If not, would a nova patch that adds tenant id and name to the metadata be welcome? Or, are there security reasons for preventing an instance from knowing its tenant?
-Andrew
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack at lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
More information about the Openstack
mailing list