Bug 1041196

Summary: [RFE][nova]: Adds metadata password POST at the hypervisor level
Product: Red Hat OpenStack
Reporter: RHOS Integration <rhos-integ>
Component: RFEs
Assignee: RHOS Maint <rhos-maint>
Status: CLOSED UPSTREAM
QA Contact:
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: unspecified
CC: markmc, yeylon
Target Milestone: ---
Keywords: FutureFeature
Target Release: ---
Hardware: Unspecified
OS: Unspecified
URL: https://blueprints.launchpad.net/nova/+spec/hyper-v-metadata-password-post
Whiteboard: upstream_milestone_none upstream_status_not-started upstream_definition_drafting
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-19 16:48:55 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:

Description RHOS Integration 2013-12-12 13:54:29 UTC
Cloned from launchpad blueprint https://blueprints.launchpad.net/nova/+spec/hyper-v-metadata-password-post.

Description:

Metadata password POST (i.e.: nova get-password) has been added in Grizzly and is currently supported by Cloudbase-Init (Windows Cloud-Init).

The main issue with the current approach is that it is not supported by ConfigDrive and requires HTTP POST access from the guest, with all the security, deployment, scalability and management issues involved.

In order to support this feature in scenarios in which metadata HTTP access from the guest instances is not allowed, the Nova driver can take care of the metadata POST on behalf of the guest instance. The guest instance will still be in charge of generating and encrypting the password with the SSH public key, passing the encrypted data to the Hypervisor using a specific guest / host channel available on the hypervisor.

KVP is the guest / host communication channel available on Hyper-V. An implementation can be added in the Nova Hyper-V driver, considering a common interface that each hypervisor driver can implement (e.g. XenServer, KVM, etc.). The same interface can be implemented on the client side in Cloud-Init and/or Cloudbase-Init.

Specification URL (additional information):

None
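
The host-side step described in the blueprint text above, as an added example that is not code from the blueprint or from Nova: the driver reads the value the guest wrote to the guest / host channel and stores it on the guest's behalf, treating it as untrusted input. Assumptions: the key name `nova_encrypted_password`, the function and exception names, the size limit (four chunks of 255 characters, assumed to match the existing metadata password POST), the write-once rule and the base64 check are all illustrative.

```python
import base64
import binascii

# Assumed limits: four chunks of 255 characters, write-once.
CHUNKS = 4
CHUNK_LENGTH = 255
MAX_SIZE = CHUNKS * CHUNK_LENGTH
KVP_KEY = "nova_encrypted_password"  # hypothetical key name


class PasswordRejected(Exception):
    """The guest-supplied value was refused."""


def post_password_for_guest(kvp_items, system_metadata):
    """Store the guest's encrypted password as the driver would.

    kvp_items: dict of key/value strings read from the guest / host channel.
    system_metadata: the instance's metadata dict, updated in place.
    Returns the ciphertext length in bytes.
    """
    value = kvp_items.get(KVP_KEY)
    if not value:
        raise PasswordRejected("guest offered no password")
    # Write-once: a guest must not overwrite a password already recorded.
    if any(system_metadata.get("password_%d" % i) for i in range(CHUNKS)):
        raise PasswordRejected("password already set")
    # Bound the size before decoding anything the guest sent.
    if len(value) > MAX_SIZE:
        raise PasswordRejected("value exceeds %d characters" % MAX_SIZE)
    try:
        blob = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        raise PasswordRejected("value is not valid base64")
    if not blob:
        raise PasswordRejected("empty ciphertext")
    # The host never sees the plaintext; it only stores the ciphertext chunks.
    for i in range(CHUNKS):
        chunk = value[i * CHUNK_LENGTH:(i + 1) * CHUNK_LENGTH]
        system_metadata["password_%d" % i] = chunk
    return len(blob)


if __name__ == "__main__":
    # Constructed sample: 256 bytes stands in for an RSA-2048 ciphertext.
    sample = base64.b64encode(bytes(range(256))).decode("ascii")
    meta = {}
    print(post_password_for_guest({KVP_KEY: sample}, meta), "bytes stored")
```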