baremetal deploy does file injection on local disk
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Invalid
|
Medium
|
Chris Krelle |
Bug Description
Currently, baremetal deploys do the following:
- download the image to the nova-compute host per-bm-node
- convert to raw
- mount
- fiddle with contents
- umount
- iscsi mount the target
- dd
- iscsi umount
If we instead did:
- download the image to the nova-compute host per-glance-uuid
- convert to raw
- iscsi mount the target
- dd
- mount
- fiddle with contents
- umount
- iscsi umount
Then we wouldn't need a local image per target machine (we can reproduce the injection as needed from the source image). This would free up many GB or even TB on large deployments, and is compatible with the long term desire to make disk injection either non-existent, or at least optional.
Changed in nova: | |
milestone: | none → havana-1 |
Changed in nova: | |
assignee: | nobody → Chris Krelle (nobodycam) |
Changed in tripleo: | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in nova: | |
milestone: | havana-1 → none |
I'm going to close this with prejudice: having thought about it, this would lead to unencrypted - or sniffable keys - same thing - disclosure of root passwords.