Adds metadata password POST at the hypervisor level
Metadata password POST (i.e. nova get-password) was added in Grizzly and is currently supported by Cloudbase-Init (Windows Cloud-Init).
The main issue with the current approach is that it is not supported by ConfigDrive and requires HTTP POST access from the guest, with all the security, deployment, scalability and management issues involved.
To support this feature in scenarios in which metadata HTTP access from the guest instances is not allowed, the Nova driver can take care of the metadata POST on behalf of the guest instance. The guest instance will still be in charge of generating the password and encrypting it with the SSH public key, passing the encrypted data to the hypervisor over a guest/host channel that the hypervisor provides.
KVP is the guest/host communication channel available on Hyper-V. An implementation can be added in the Nova Hyper-V driver, built on a common interface that each hypervisor driver (e.g. XenServer, KVM) can implement. The same interface can be implemented on the client side in Cloud-Init and/or Cloudbase-Init.
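A sketch of the host side of this proposal, added here as an example (not code from Nova, Cloudbase-Init or the blueprint): the driver treats whatever the guest publishes on the channel as untrusted and validates it before recording it. The interface, class and function names, the size cap, and the assumption that the instance keypair is RSA are all hypothetical.

```python
import base64
import binascii
import os
from abc import ABC, abstractmethod

MAX_B64_LEN = 1020  # assumed cap on the stored value; match it to the metadata store


class GuestPasswordChannel(ABC):
    """Hypothetical per-hypervisor interface (KVP on Hyper-V, others elsewhere)."""
    @abstractmethod
    def read_encrypted_password(self, instance_id):
        """Return the base64 text the guest published, or None."""


class FakeKvpChannel(GuestPasswordChannel):
    """In-memory stand-in for a KVP pool, used only to run this example."""
    def __init__(self, values):
        self._values = values

    def read_encrypted_password(self, instance_id):
        return self._values.get(instance_id)


def accept_guest_password(channel, instance_id, rsa_key_bits, store):
    """Validate guest-controlled data on the host, then record it once in `store`."""
    if instance_id in store:
        raise ValueError("password already set for this instance")
    value = channel.read_encrypted_password(instance_id)
    if value is None:
        return False  # guest has not published anything yet
    if len(value) > MAX_B64_LEN:
        raise ValueError("value exceeds size cap")
    try:
        blob = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("value is not valid base64") from exc
    # An RSA ciphertext is exactly as long as the key modulus (RSA assumed here).
    if len(blob) != rsa_key_bits // 8:
        raise ValueError("ciphertext length does not match the instance key")
    store[instance_id] = value
    return True


if __name__ == "__main__":
    sample = base64.b64encode(os.urandom(256)).decode()  # constructed stand-in ciphertext
    store = {}  # dict standing in for the instance metadata store
    print(accept_guest_password(FakeKvpChannel({"vm-1": sample}), "vm-1", 2048, store))
```

The set-once check matters on this path because the guest can rewrite its side of the channel at any time; the host should not let a later value silently replace a recorded one.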
Blueprint information
- Status: Not started
- Approver: Russell Bryant
- Priority: Undefined
- Drafter: Alessandro Pilotti
- Direction: Needs approval
- Assignee: Alessandro Pilotti
- Definition: Drafting
- Series goal: None
- Implementation: Not started
- Milestone target: None
Whiteboard
I'd like to see a discussion about this one on the mailing list. --russellb
Marking this blueprint as definition: Drafting. If you are still working on this, please re-submit via nova-specs. If not, please mark as obsolete, and add a quick comment to describe why. --johnthetubaguy (20th April 2014)