OpenStack Compute (nova)

Injection should not happen with metadata service

Bug #939798 reported by justinsb on 2012-02-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Fix Released	Wishlist	Chuck Short

Bug Description

I'm trying out the "official" way to do injection of keys etc.

It looks like if I specify an SSH key, and I'm using the metadata service, the key is still injected into the image; it also doesn't look like there's a flag to turn that off.

I think there should be a flag "no_inject" or similar.

Revision history for this message

Dan Prince (dan-prince) wrote on 2012-02-23:

Hi Justin,

Would something like this work:

https://review.openstack.org/#change,4430

Revision history for this message

justinsb (justin-fathomdb) wrote on 2012-02-23: Re: [Bug 939798] Re: Injection should not happen with metadata service

Looks good to me!

I see a distinction between disabling user-supplied metadata, and not
automatically injecting /etc/network/interfaces or ssh_key if we're relying
on cloud-init to populate that info.

On Thu, Feb 23, 2012 at 1:01 PM, Dan Prince <email address hidden> wrote:

> Hi Justin,
>
> Would something like this work:
>
> https://review.openstack.org/#change,4430
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/939798
>
> Title:
> Injection should not happen with metadata service
>
> Status in OpenStack Compute (Nova):
> New
>
> Bug description:
> I'm trying out the "official" way to do injection of keys etc.
>
> It looks like if I specify an SSH key, and I'm using the metadata
> service, the key is still injected into the image; it also doesn't
> look like there's a flag to turn that off.
>
> I think there should be a flag "no_inject" or similar.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/nova/+bug/939798/+subscriptions
>

Thierry Carrez (ttx) on 2012-02-24

Changed in nova:
assignee:	nobody → Dan Prince (dan-prince)
importance:	Undecided → Wishlist
status:	New → In Progress

Revision history for this message

Dan Prince (dan-prince) wrote on 2012-02-28:

Reassigned to Chuck since he is the one who actually owns that branch.

Changed in nova:
assignee:	Dan Prince (dan-prince) → Chuck Short (zulcss)

Thierry Carrez (ttx) on 2012-03-19

Changed in nova:
status:	In Progress → Triaged

Revision history for this message

Russell Bryant (russellb) wrote on 2013-03-08:

Options exist to turn this off now.

With the libvirt driver as an example, there are the libvirt_inject_password and libvirt_inject_key options.

Changed in nova:
status:	Triaged → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.