openstack team mailing list archive
Message #23949
Re: Using openstack to manage dedicated servers in a service provider setting
On 27 May 2013 07:01, Chris Bartels <chris@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> Hi,
>
> I’m working on a startup that aims to rent dedicated servers to tech
> startups, and I would like to use OpenStack to manage the servers I rent
> out.
>
> I saw on the OpenStack Foundation YouTube channel there was a video there
> about using OpenStack to manage bare metal, but the presenter in the video
> had such a strong accent that I couldn’t understand anything they were
> saying & didn’t learn a thing from the video.

Which video in particular? There are a number of groups who have been
taped presenting on bare metal things.

I'm part of a team working on using OpenStack [baremetal] to deploy
OpenStack [virtual]. So I'm happy to answer any questions.

http://www.openstack.org/summit/portland-2013/session-videos/presentation/provisioning-bare-metal-with-openstack
is a good video on the baremetal layer, which is what will interest
you I think.

That said, there are huge security issues with repurposing baremetal
from one tenant to another: in the absence of UEFI secure boot it is
possible for the prior tenant to inject hostile boot-time firmware
into physical devices that have software flashable EEPROMs. Currently
in OpenStack we have no mitigation for this at all: so I would very
strongly advise against using OpenStack baremetal to provide dedicated
machines.

What I suggest you do instead is provide KVM instances where the KVM
flavor size exactly matches the physical machines - so your tenants
have the full capacity of the machine, and only the [low] overhead of
the KVM layer. This has a -much- better security story. You could use
TripleO - OpenStack on OpenStack - to manage this setup.

-Rob
--
Robert Collins <rbtcollins@xxxxxx>
Distinguished Technologist
HP Cloud Services