Make Rsync For Guest Optional Spec
blueprint rsync-optional Change-Id: Ia419434a23d1acab5c3732b0a4ef4eef6d10727c
parent 398b2534c0
commit ca808b9bb5
122
specs/kilo/rsync-optional.rst
Normal file
@ -0,0 +1,122 @@
|
||||
..
|
||||
This work is licensed under a Creative Commons Attribution 3.0 Unported
|
||||
License.
|
||||
|
||||
http://creativecommons.org/licenses/by/3.0/legalcode
|
||||
|
||||
=============================
|
||||
Make Rsync for Guest Optional
|
||||
=============================
|
||||
|
||||
Blueprint:
|
||||
|
||||
https://blueprints.launchpad.net/trove-integration/+spec/rsync-optional
|
||||
|
||||
Today, the instance rsyncs the guestagent code and trove-guestagent.conf
|
||||
via http://git.io/qI9ivw (or http://git.io/p88Njw)
|
||||
|
||||
The proposal is to introduce an alternative that does not require
|
||||
guest-to-controller SSH connectivity: bake the guestagent code and
|
||||
trove-guestagent.conf into the image.
|
||||
|
||||
Problem Description
|
||||
===================
|
||||
|
||||
In production, permitting SSH connectivity between guests and the
|
||||
control-plane is a security no-no. Although trove-integration is considered
|
||||
to be only a sample reference implementation, we owe it to deployers to
|
||||
provide insight into how to properly secure Trove.
|
||||
|
||||
Use Cases
|
||||
----------
|
||||
|
||||
* As a deployer, I want to avoid ssh connectivity between guests and the
|
||||
control-plane.
|
||||
|
||||
Proposed change
|
||||
===============
|
||||
|
||||
Add additional elements in trove-integration to stage the guestagent code
|
||||
and trove-guestagent.conf during the extra-data.d hook, and subsequently
|
||||
install them in the install.d hook, vs. relying on upstart/systemd to rsync.
|
||||
|
||||
See https://review.openstack.org/#/c/119488/
|
||||
|
||||
This is not turned on by default, and therefore is backwards compatible.
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
||||
To make use of this functionality, it requires setting GUEST_LOCAL_TROVE_DIR
|
||||
and GUEST_LOCAL_TROVE_CONF. The aforementioned values are used in the newly
|
||||
introduced diskimage-builder elements.
|
||||
|
||||
Database
|
||||
--------
|
||||
|
||||
No database changes.
|
||||
|
||||
Public API
|
||||
----------
|
||||
|
||||
No public API changes.
|
||||
|
||||
Internal API
|
||||
------------
|
||||
|
||||
No internal API changes.
|
||||
|
||||
Guest Agent
|
||||
-----------
|
||||
|
||||
No Guest Agent changes.
|
||||
|
||||
|
||||
Alternatives
|
||||
------------
|
||||
|
||||
No alternatives.
|
||||
|
||||
|
||||
Implementation
|
||||
==============
|
||||
|
||||
Assignee(s)
|
||||
-----------
|
||||
|
||||
Primary assignee:
|
||||
Auston McReynolds (amcrn)
|
||||
|
||||
Milestones
|
||||
----------
|
||||
|
||||
Kilo-1
|
||||
|
||||
Work Items
|
||||
----------
|
||||
|
||||
See https://review.openstack.org/#/c/119488/
|
||||
|
||||
Dependencies
|
||||
============
|
||||
|
||||
No dependencies.
|
||||
|
||||
|
||||
Testing
|
||||
=======
|
||||
|
||||
diskimage-builder element additions/changes are not tested via traditional
|
||||
means at the moment.
|
||||
|
||||
|
||||
Documentation Impact
|
||||
====================
|
||||
|
||||
No documentation impact.
|
||||
|
||||
|
||||
References
|
||||
==========
|
||||
|
||||
None.
|
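Review bot: The Configuration section names GUEST_LOCAL_TROVE_DIR and GUEST_LOCAL_TROVE_CONF but does not say what each holds (a path on the build host?), where a deployer sets them, or what happens when only one is set, and the Documentation Impact section then states "No documentation impact." Since the Problem Description says "we owe it to deployers to provide insight into how to properly secure Trove", these two deployer-facing settings should be described here and listed as a documentation item. The spec should also say how a change to trove-guestagent.conf reaches guests once the file is baked into the image, and what file ownership and permissions the install.d hook applies to it, because the rsync path it replaces is not described in those terms either. The introduction points at http://git.io/qI9ivw and http://git.io/p88Njw; please replace the shortened links with the full repository paths so the reference to the current rsync behaviour stays resolvable. Finally, Testing notes that the element changes "are not tested via traditional means"; a short manual verification step (an image built with both variables set boots and the guestagent starts with no SSH access to the controller) would give reviewers something to check against the stated use case.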