[virt-tools-list] virt-install and cloud-init, feedback wanted
Daniel P. Berrangé
berrange at redhat.com
Thu Nov 21 11:27:43 UTC 2019
On Thu, Nov 21, 2019 at 12:04:11PM +0100, Christian Ehrhardt wrote:
> On Thu, Nov 21, 2019 at 11:52 AM Florian Weimer <fweimer at redhat.com> wrote:
> >
> > * Daniel P. Berrangé:
> >
> > >> This goes probably in a different direction of what has been implement
> > >> so far, but would it actually harm to enable the network-based
> > >> instance-data injection by default? The advantage would be that it also
> > >> blocks these requests from leaking to untrusted parties, which could
> > >> then serve bogus data to compromise the virtual machine.
> > >
> > > I don't understand what you mean by leaking data to untrusted parties
> > > here in contetx of config drive ? I've considerd the config drive to
> > > be more secure / less risky than network service.
> >
> > I'm assuming that cloud-init will try all sources in parallel, given
> > that there's a delay for both the network coming about and hardware
> > being detected.
>
> Hi,
> there are many controls to that. By default it is most configurable,
> but you can set it to your needs of e.g. only local data sources.
>
> As outlined by Daniel already this is pretty safe, but if still
> concerned about it, you can control it [1]:
> - image builders can disable things by a drop in file that controls
> which sources are queried
> - local users can control it via kernel-commandline (which most tools
> provide an option to append things to)
With pre-built disks images, virt-install can't directly control the
kernel command line without using a tool like guestfish to get inside
the image & modify grub config.
Cloud-init can, however, look at SMBIOS to extract the information
for the specific data source to use. Currently it is abusing the
system-serial-number field for this purpose. I proposed a patch
to make it use the SMBIOS OEM strings field instead
https://bugs.launchpad.net/cloud-init/+bug/1753558
Either way though, virt-install can set the SMBIOS data in the
guest to explicitly tell cloud-init to only use the configdrive
ISO, and thus prevent it ever talking to the network metdata
service.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the virt-tools-list
mailing list