On Mar 3, 2011, at 8:40 AM, George Reese wrote:
> Any mechanism that requires an agent or requires any ability of the
> hypervisor or cloud platform to inject a password creates trust issues. In
> particular, the hypervisor and platform should avoid operations that reach
> into the guest. The guest should have the option of complete control over its
> data.
Please understand that this is a Rackspace-specific use case. It is not
an OpenStack standard by any means. That's why this action is in a specific
agent, not in the main OpenStack compute codebase. On an OpenStack list, we
should be discussing the OpenStack code, not Rackspace's customization of that
code for our use cases.
Rackspace sells support. Customers are free to enable/disable/change
whatever they want, with the understanding that it will limit the ability to
directly support their instances. That decision is up to each customer, but our
default is to build in the support mechanism. Other OpenStack deployments will
choose to do things quite differently, I'm sure. It's even likely that in the
future Rackspace may add a secure option like you describe, but for now we're
focusing on parity with the current Cloud Servers product, and that includes
password injection at creation.
-- Ed Leafe
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
