On 2018-06-27 11:13:04 -0400 (-0400), Jay Pipes wrote: [...] > Virtual machines and the software running in them should not need > to know what particular piece of hardware they are running on. VMs > having knowledge of the underlying hardware and host violates the > principle of least privilege and introduces attack vectors that > I'm pretty sure you (as an operator) don't want to open up. [...]
I saw similar security red flags with the proposal, but didn't weigh in at the time because I was confident Nova core reviewers would arrive at the same quite quickly on their own. While it would be "nice" to have this for the Infra team to be able to give providers a heads up when we see instances crashing consistently on a particular compute node, we're not the administrators of those compute nodes and so it is not information for which we should expect to have access. It may be a pain to collect up instance UUIDs and them pass those along to the provider so they can correlate to compute nodes in their service logs, but that's ultimately the right way to go about it so that separation of concerns is preserved. -- Jeremy Stanley
signature.asc
Description: PGP signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
