yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1114634] Re: baremetal deploy does file injection on local disk

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Robert Collins <1114634@xxxxxxxxxxxxxxxxxx>
Date: Wed, 08 May 2013 02:19:28 -0000
Reply-to: Bug 1114634 <1114634@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I'm going to close this with prejudice: having thought about it, this
would lead to unencrypted - or sniffable keys - same thing - disclosure
of root passwords.

** No longer affects: tripleo

** Changed in: nova
       Status: Triaged => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1114634

Title:
  baremetal deploy does file injection on local disk

Status in OpenStack Compute (Nova):
  Invalid

Bug description:
  Currently, baremetal deploys do the following:
   - download the image to the nova-compute host per-bm-node
   - convert to raw
   - mount
   - fiddle with contents
   - umount
   - iscsi mount the target
   - dd
   - iscsi umount

  If we instead did:
   - download the image to the nova-compute host per-glance-uuid
   - convert to raw
   - iscsi mount the target
   - dd
   - mount
   - fiddle with contents
   - umount
   - iscsi umount

  Then we wouldn't need a local image per target machine (we can
  reproduce the injection as needed from the source image). This would
  free up many GB or even TB on large deployments, and is compatible
  with the long term desire to make disk injection either non-existent,
  or at least optional.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1114634/+subscriptions