yahoo-eng-team team mailing list archive

[Bug 1381061] [NEW] VMware: ESX hosts must not be externally routable

 

Public bug reported:

Change I70fd7d3ee06040d6ce49d93a4becd9cbfdd71f78 removed passwords from
VNC hosts. This change is fine because we proxy the VNC connection and
do access control at the proxy, but it assumes that ESX hosts are not
externally routable.

In a non-OpenStack VMware deployment, accessing a VM's console requires
the end user to have a direct connection to an ESX host. This leads me
to believe that many VMware administrators may leave ESX hosts
externally routable if not specifically directed otherwise.

The above change makes a design decision which requires ESX hosts not to
be externally routable. There may also be other reasons. We need to
ensure that this is very clearly documented. This may already be
documented, btw, but I don't know how our documentation is organised,
and would prefer that somebody more familiar with it assures themselves
that this has been given appropriate weight.

** Affects: nova
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1381061

