I want an OpenStack machine snapshot that can be used in a project and can start other snapshots itself. Can I start an instance of the snapshot in a project that is able to start other snapshots without configuration? Is this possible?
The short answer is:
At the moment there is no way to do this securely...
As Keystone extends its capabilities of providing shared trust tokens, it may become feasible.
The long answer is:
What it comes down to is that images are accessible to the users that have them. API creds stored on an image can be stolen by guest users. That means you can't set up a base public image that has API credentials available to make API calls.
Now, you can inject credentials at run time, but that has to be done by the users. You could have a script on the base image that interactively requests the user's auth creds so it can get a valid token from Keystone. Heck, you can pass them at run time of the instance using 1 of these options:
I prefer user-data and cloud-init. http://docs.openstack.org/trunk/openstack-compute/admin/content/user-data.html
Config drive has exposed nasty security risks in the past. http://docs.openstack.org/trunk/openstack-compute/admin/content/config-drive.html
That might get you far enough. It won't be automated.
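
Added example (not part of the original answer): since API credentials stored on an image can be read by anyone who boots it, this check scans a mounted image root for hard-coded OpenStack secrets before the image is shared, while ignoring openrc scripts that only prompt for the password. The function names, the list of files and keys checked, and the sample tree are assumptions made for this example.

```python
import os
import re
import tempfile
from pathlib import Path

# Standard openrc variables that carry a secret, and clouds.yaml secret keys.
ENV_SECRET = re.compile(
    r"^\s*(?:export\s+)?(OS_PASSWORD|OS_TOKEN|OS_APPLICATION_CREDENTIAL_SECRET)=(\S+)",
    re.M)
YAML_SECRET = re.compile(
    r"^\s*(password|token|application_credential_secret)\s*:\s*(\S+)", re.M)
SDK_FILES = {"clouds.yaml", "secure.yaml"}  # openstacksdk config file names
MAX_BYTES = 1_000_000  # skip large binaries


def is_literal(value):
    """True for a hard-coded secret, False for empty values or $VAR prompts."""
    value = value.strip("'\"")
    return bool(value) and not value.startswith("$")


def find_baked_credentials(root):
    """Return sorted (relative_path, key) pairs for secrets stored under root."""
    findings = set()
    for dirpath, _dirs, files in os.walk(root):  # does not follow dir symlinks
        for name in files:
            path = Path(dirpath, name)
            try:
                if path.is_symlink() or path.stat().st_size > MAX_BYTES:
                    continue
                text = path.read_text(errors="ignore")
            except OSError:
                continue
            patterns = [ENV_SECRET] + ([YAML_SECRET] if name in SDK_FILES else [])
            for pattern in patterns:
                for key, value in pattern.findall(text):
                    if is_literal(value):
                        findings.add((str(path.relative_to(root)), key))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample tree standing in for a mounted image root.
    with tempfile.TemporaryDirectory() as root:
        Path(root, "openrc").write_text('export OS_PASSWORD="constructed-secret"\n')
        Path(root, "prompt.sh").write_text("export OS_PASSWORD=$OS_PASSWORD_INPUT\n")
        for rel, key in find_baked_credentials(root):
            print(f"{rel}: literal {key} found, remove before sharing the image")
```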