On Wed, May 25, 2016 at 3:28 AM, Dan Smith <d...@danplanet.com> wrote:
> > It was my impression we were trying to prevent bitrot, not defend > > against an attacker that has gained control over the compute node. > > I think we've established that addressing bitrot at the nova layer is > (far) out of scope and not something we want or need to do in nova. > Hi, guy from awkward timezone here. I wrote this code, in approximately the diablo timeline. So, its been around for a long time (before pluggable instance storage backends for example). Originally I wanted to just write the cache cleaner, because that was the bit I really needed in my deployment. The image verification thing was added at the request of the PTL at the time, presumably for good reasons I can't recall any more. That said, I think its time has passed. It cases a lot of disk IO, especially if you imagine that we're trying to do a checksum on a file that might be 100gb. If people really care about this sort of thing, I think an optional boot time verification per instance would be a reasonable path to explore. So, I vote for removing image verification (but not image cache cleaning). Michael -- Rackspace Australia
_______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators