[ovirt-devel] cloud-init metadata service

Marc Young 3vilpenguin at gmail.com
Wed Mar 1 16:15:26 UTC 2017


I partially agree. I do agree that I shouldn't have to crawl the API, nor
do I want to. I'd like to have something similar to the metadata service
that can provide only designated data to a request, much like how
OpenStack/AWS do it.
I.e., you can get _your_ instance ID, network information, etc., but you can't
ask about neighbors'.

On Wed, Mar 1, 2017 at 10:04 AM, Sven Kieske <s.kieske at mittwald.de> wrote:

> On 01/03/17 16:53, Marc Young wrote:
> > What feels hacky is that I have so little information about the VM I'm
> > running from within that I'd have a hard time crawling the API enough to
> > know the information I got was about the VM I'm testing against. Per my
> > later email the ID in /var/lib/cloud/data/instance-id is not the same that
> > I'd need to hit the REST API to describe
>
> I'm glad that this is this way.
>
> From a security standpoint, this would be an information leak, which
> enables third-party users from inside the VM to attack the oVirt system.
>
> So if you implement new features in this area, I would be very very
> careful.
>
> --
> Mit freundlichen Grüßen / Regards
>
> Sven Kieske
>
> System Administrator
> Mittwald CM Service GmbH & Co. KG
> Königsberger Straße 6
> 32339 Espelkamp
> T: +495772 293100
> F: +495772 293333
> https://www.mittwald.de
> Managing Director: Robert Meyer
> Tax no.: 331/5721/1033, VAT ID: DE814773217, HRA 6640, AG Bad Oeynhausen
> General partner: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
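
Added example, not part of the original thread and not oVirt or cloud-init code: a Python sketch of the caller-scoped metadata lookup discussed in this message, where a guest can read designated fields about itself and cannot query any other VM. The class, field names, paths, addresses and IDs are hypothetical, and it assumes the platform can tie a request's source address to exactly one VM.

```python
from dataclasses import dataclass

# Assumption: only these fields are "designated" for guests to read.
GUEST_VISIBLE = ("instance_id", "hostname", "network")


@dataclass(frozen=True)
class VmRecord:
    instance_id: str   # guest-facing ID, as cloud-init would store it
    hostname: str
    network: dict
    api_uuid: str      # management-API identifier: never sent to guests
    host: str          # hypervisor host name: never sent to guests


# Constructed sample data; keys are the source addresses the platform
# assigned to each VM (assumes the hypervisor blocks address spoofing).
SAMPLE_RECORDS = {
    "192.0.2.11": VmRecord("guest-a", "web01", {"ip": "192.0.2.11"},
                           "PLACEHOLDER-UUID-A", "hv-example-1"),
    "192.0.2.12": VmRecord("guest-b", "db01", {"ip": "192.0.2.12"},
                           "PLACEHOLDER-UUID-B", "hv-example-1"),
}


class MetadataService:
    def __init__(self, records):
        self._by_source = dict(records)

    def handle(self, source_ip, path):
        """Answer a GET; the caller is identified by source_ip only."""
        record = self._by_source.get(source_ip)
        if record is None:
            return 403, {}          # not a known guest
        parts = [p for p in path.split("/") if p]
        if parts == ["meta-data"]:
            return 200, {f: getattr(record, f) for f in GUEST_VISIBLE}
        if len(parts) == 2 and parts[0] == "meta-data" and parts[1] in GUEST_VISIBLE:
            return 200, {parts[1]: getattr(record, parts[1])}
        # Other VMs' IDs, hidden fields and unknown paths all look the
        # same to the guest, so the reply confirms nothing about them.
        return 404, {}


if __name__ == "__main__":
    svc = MetadataService(SAMPLE_RECORDS)
    print(svc.handle("192.0.2.11", "/meta-data"))
    print(svc.handle("192.0.2.11", "/meta-data/guest-b"))
```

No request parameter selects the VM, so there is nothing for a guest to enumerate; the management-plane fields stay out of every response.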