Excerpts from Daniel P. Berrange's message of 2017-02-21 10:40:02 +0000:
> On Mon, Feb 20, 2017 at 02:36:15PM -0500, Clint Byrum wrote:
> > What exactly is the security concern of the metadata service? Perhaps
> > those concerns can be addressed directly?
> >
> > I ask because anything that requires special software on the guest is
> > a non-starter IMO. virtio is a Linux thing, so what does this do for
> > users of Windows? FreeBSD? etc.
>
> Red Hat is investing in creating virtio vsock drivers for Windows
> but I don't have an ETA for that yet. There's no work in *BSD in
> this area that I know of, but BSD does have support for virtio
> in general, so if virtio-vsock becomes used in any important
> places I would not be surprised if some BSD developers implemented
> vsock too.
>
> In any case, I don't think it necessarily needs to be supported
> in every single possible scenario. The config drive provides the
> same data in a highly portable manner, albeit with the caveat
> about it being read-only. The use of metadata service (whether
> TCP or vsock based) is useful for cases needing the info from
> config drive to be dynamically updated - eg the role device
> tagging metadata. Only a very small subset of guests running on
> openstack actually use that data today. So it would not be the
> end of the world if some guests don't support vsock in the short
> to medium term - if the facility proves to be critically important
> to a wider range of guests that'll motivate developers of those
> OS to support it.
>

Cool, so there's a chance it gets to near ubiquitous usability.

However, I wonder, there's no need for performance here. Why not just
make it a virtual USB drive that ejects and re-attaches on changes? That
way you don't need Windows/BSD drivers.