Adds metadata password POST at the hypervisor level

Registered by Alessandro Pilotti on 2013-05-15

Metadata password POST (i.e.: nova get-password) has been added in Grizzly and is currently supported by Cloudbase-Init (Windows Cloud-Init).

The main issue with the current approach is that it is not supported by ConfigDrive and requires HTTP POST access from the guest, with all the security, deployment, scalability and management issues involved.

In order to support this feature in scenarios in which metadata HTTP access from the guest instances is not allowed, the Nova driver can take care of the metadata POST on behalf of the guest instance. The guest instance will still be in charge of generating and encrypting the password with the SSH public key, passing the encrypted data to the Hypervisor using a specific guest / host channel available on the hypervisor.

KVP is The guest / host communication channel available on Hyper-V. An implementation can be added in the Nova Hyper-V driver, considering a common interface that each hypervisor driver can implement (e.g. XenServer, KVM, etc). The same interface can be implemented on the client side in Cloud-Init and/or Cloudbase-Init.

Blueprint information

Status:
Not started
Approver:
Russell Bryant
Priority:
Undefined
Drafter:
Alessandro Pilotti
Direction:
Needs approval
Assignee:
Alessandro Pilotti
Definition:
Drafting
Series goal:
None
Implementation:
Not started
Milestone target:
None

Related branches

Sprints

Whiteboard

I'd like to see a discussion about this one on the mailing list. --russellbI'd like to see a discussion about this one on the mailing list. --russellb

Marking this blueprint as definition: Drafting. If you are still working on this, please re-submit via nova-specs. If not, please mark as obsolete, and add a quick comment to describe why. --johnthetubaguy (20th April 2014)

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.