Make Rsync for Guest Optional


Today, the instance rsyncs the guestagent code and trove-guestagent.conf via (or

The proposal is to introduce an alternative that does not require guest-to-controller SSH connectivity: bake the guestagent code and trove-guestagent.conf into the image.

Problem Description

In production, permitting SSH connectivity between guests and the control-plane is a security no-no. Although trove-integration is considered to be only a sample reference implementation, we owe it to deployers to provide insight into how to properly secure Trove.

Use Cases

  • As a deployer, I want to avoid SSH connectivity between guests and the control-plane.

Proposed Change

Add elements to trove-integration that stage the guestagent code and trove-guestagent.conf during the extra-data.d hook and then install them in the install.d hook, instead of relying on upstart/systemd to rsync.


This is not turned on by default, and therefore is backwards compatible.


Using this functionality requires setting GUEST_LOCAL_TROVE_DIR and GUEST_LOCAL_TROVE_CONF. These values are used by the newly introduced diskimage-builder elements.
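
One way the staging and install hooks could look, as an added example that is not trove-integration's own element code; each function body would go in its own hook script. The `guestagent` staging sub-directory, `STAGED_ROOT`, `GUEST_CODE_DST`, `GUEST_CONF_DST` and their default paths are assumptions, while `TMP_HOOKS_PATH` and `/tmp/in_target.d` are diskimage-builder's standard hook locations.

```shell
#!/bin/bash
# Added example: the two diskimage-builder phases of a hypothetical element.

# extra-data.d phase: runs on the build host, outside the image chroot.
# diskimage-builder sets TMP_HOOKS_PATH; whatever is placed there shows up
# inside the chroot under /tmp/in_target.d.
stage_guestagent() {
    # Fail the build if the opt-in variables are missing or wrong, so an
    # image is never produced without the agent and its config baked in.
    [ -n "${TMP_HOOKS_PATH:-}" ] || { echo "TMP_HOOKS_PATH not set" >&2; return 1; }
    [ -d "${GUEST_LOCAL_TROVE_DIR:-}" ] || { echo "GUEST_LOCAL_TROVE_DIR is not a directory" >&2; return 1; }
    [ -f "${GUEST_LOCAL_TROVE_CONF:-}" ] || { echo "GUEST_LOCAL_TROVE_CONF is not a file" >&2; return 1; }

    mkdir -p "$TMP_HOOKS_PATH/guestagent/trove"
    cp -R "$GUEST_LOCAL_TROVE_DIR/." "$TMP_HOOKS_PATH/guestagent/trove/"
    cp "$GUEST_LOCAL_TROVE_CONF" "$TMP_HOOKS_PATH/guestagent/trove-guestagent.conf"
}

# install.d phase: runs inside the chroot and needs no network or SSH key.
install_guestagent() {
    ga_staged="${STAGED_ROOT:-/tmp/in_target.d}/guestagent"
    ga_code_dst="${GUEST_CODE_DST:-/opt/trove}"                        # assumed path
    ga_conf_dst="${GUEST_CONF_DST:-/etc/trove/trove-guestagent.conf}"  # assumed path

    if [ ! -d "$ga_staged/trove" ] || [ ! -f "$ga_staged/trove-guestagent.conf" ]; then
        echo "staged guestagent files missing" >&2
        return 1
    fi

    mkdir -p "$ga_code_dst" "$(dirname "$ga_conf_dst")"
    cp -R "$ga_staged/trove/." "$ga_code_dst/"
    cp "$ga_staged/trove-guestagent.conf" "$ga_conf_dst"
    # Assumed hardening: config not world-readable; set ownership per deployment.
    chmod 0640 "$ga_conf_dst"
}
```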


No database changes.

Public API

No public API changes.

Public API Security

No public API Security related changes.

Internal API

No internal API changes.

Guest Agent

No Guest Agent changes.


No alternatives.



Primary assignee:

Auston McReynolds (amcrn)




No dependencies.


diskimage-builder element additions/changes are not tested via traditional means at the moment.

Documentation Impact

No documentation impact.



Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.