Stack Abandon is unsafe
Bug #1353670 reported by
Zane Bitter
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Heat |
Fix Released
|
High
|
Jason Dunsmore |
Bug Description
When abandoning a stack, we return the critical data to the user only *after* commencing a destructive delete of it. If the user fails to get the data for any reason (the connection to the API drops, network connectivity to Qpid is lost, an error occurs in heat-api...) then the user will have no (automated) way of recovering the data necessary to recreate the stack.
Changed in heat: | |
status: | New → Triaged |
Changed in heat: | |
assignee: | Vijendar Komalla (vijendar-komalla) → Anant Patil (ananta) |
tags: | added: abandon-adopt |
Changed in heat: | |
assignee: | Anant Patil (ananta) → nobody |
Changed in heat: | |
importance: | High → Medium |
milestone: | none → liberty-1 |
Changed in heat: | |
assignee: | nobody → Kanagaraj Manickam (kanagaraj-manickam) |
Changed in heat: | |
importance: | Medium → High |
Changed in heat: | |
milestone: | liberty-1 → liberty-2 |
Changed in heat: | |
milestone: | liberty-2 → liberty-3 |
Changed in heat: | |
milestone: | liberty-3 → next |
Changed in heat: | |
assignee: | Kanagaraj Manickam (kanagaraj-manickam) → Jason Dunsmore (jasondunsmore) |
Changed in heat: | |
milestone: | next → mitaka-3 |
To post a comment you must log in.
Zane,
I am thinking about fixing following way. Let me know if you have any comments.
1. Introduce a new 'pre-abandon' (or may be called 'freeze') step and in this step return the stack data without performing any destructive operation. And also set stack status as ['pre-abandon', 'complete']
2. Only operations allowed on a stack in 'pre-abandon' state are 'adopt' and 'pre-abandon'. So if for some reason data was lost, then user can again issue 'pre-abandon' and get the data back
3. In stack-abandon step do the actual stack abandon which is destructive