Ironic

  1. Bug #1433812
  2. Comment #10

Comment 10 for bug 1433812

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to ironic (master)

Reviewed: https://review.openstack.org/167063
Committed: https://git.openstack.org/cgit/openstack/ironic/commit/?id=87abb934e0d97cce0562a028e68c0a70a35c19ce
Submitter: Jenkins
Branch: master

commit 87abb934e0d97cce0562a028e68c0a70a35c19ce
Author: Jay Faulkner <email address hidden>
Date: Mon Mar 23 17:59:38 2015 -0700

    Ensure configdrive isn't mounted in CoreOS ramdisks

    Temporary workaround for bug #1433812. CoreOS processes the
    cloud-config.yml too late the boot process to prevent mounting and
    processing the configdrive. Pass coreos.configdrive=0 on the kernel
    command line to ensure this doesn't occur, as it can be a security risk
    (previous tenants may have written a malicious configdrive, and it would
    be read before being cleaned).

    Long-term, we should remove this workaround and either completely remove
    the mount units from the ramdisk during the build process or get a
    better fix from upstream (https://github.com/coreos/bugs/issues/314).

    Change-Id: I59575b2c5c89c3ceef03598f8b86f0e330cfacad
    Partial-bug: 1433812