← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1381061] Re: VMware: ESX hosts must not be externally routable

 

** Changed in: nova
       Status: New => Confirmed

** Also affects: openstack-manuals
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1381061

Title:
  VMware: ESX hosts must not be externally routable

Status in OpenStack Compute (Nova):
  Confirmed
Status in OpenStack Manuals:
  New

Bug description:
  Change I70fd7d3ee06040d6ce49d93a4becd9cbfdd71f78 removed passwords
  from VNC hosts. This change is fine because we proxy the VNC
  connection and do access control at the proxy, but it assumes that ESX
  hosts are not externally routable.

  In a non-OpenStack VMware deployment, accessing a VM's console
  requires the end user to have a direct connection to an ESX host. This
  leads me to believe that many VMware administrators may leave ESX
  hosts externally routable if not specifically directed otherwise.

  The above change makes a design decision which requires ESX hosts not
  to be externally routable. There may also be other reasons. We need to
  ensure that this is very clearly documented. This may already be
  documented, btw, but I don't know how our documentation is organised,
  and would prefer that somebody more familiar with it assures
  themselves that this has been given appropriate weight.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1381061/+subscriptions


References