Ironic

Keep config drive in swift until server deletion

Bug #1612476 reported by xiaobin on 2016-08-12

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ironic	Invalid	High	xiaobin

Bug Description

Currently if configdrive_use_swift is set, config drive will be uploaded to swift with header:
{'X-Delete-After': timeout}
Which means config drive will be removed after "timeout" seconds.
If the server is rebuilt "timeout" seconds later, config drive won't be available, provisioning will fail.

Proposal:
1. Do not pass 'X-Delete-After' header
2. Delete config drive during server deletion
3. If config drive is allowed in "rebuild" call (Bug 1575935), override previous config drive.

UPD by dtantsur: we still must expire the temporary URL and generate a new one on rebuild.

See original description

xiaobin (jxiaobin) on 2016-08-12

Changed in ironic:
assignee:	nobody → xiaobin (jxiaobin)
description:	updated

Revision history for this message

Dmitry Tantsur (divius) wrote on 2016-08-12:

We need to fix rebuild, not keep configdrive in Swifr forever (this is a security concern).

Revision history for this message

Dmitry Tantsur (divius) wrote on 2016-08-12:

Correction: we can and should keep the configdrive in swift, but we should expire the temporary URL for it, and renew it on rebuilt.

description:

updated

Dmitry Tantsur (divius) on 2016-08-12

Changed in ironic:
status:	New → Triaged
importance:	Undecided → High

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-13: Fix proposed to ironic (master)

Fix proposed to branch: master
Review: https://review.openstack.org/355142

Changed in ironic:
status:	Triaged → In Progress

xiaobin (jxiaobin) on 2016-08-15

summary:	- Do not auto expire config drive in swift + Keep config drive in swift until server is removed
summary:	- Keep config drive in swift until server is removed + Keep config drive in swift until server deletion

Revision history for this message

Jay Faulkner (jason-oldos) wrote on 2016-08-16:

I do not agree that the symptom described should be fixed by keeping the configdrive past server delete. For other Nova drivers, configdrive is regenerated on rebuild (https://github.com/openstack/nova/blob/0da6c6461177539cf69c7c2998f3ce8914112b0a/nova/compute/manager.py#L2576) based on user input, so that we are currently:

1) ignoring user data passed into rebuild and
2) providing different behavior than other nova drivers (by preserving configdrive contents).

I instead propose that post-deployment, we remove the configdrive from the node immediately after deployment, and rebuilding in Ironic will always require re-adding configdrive information to the node.

Revision history for this message

Mathieu Mitchell (mat128) wrote on 2016-08-16:

I agree with Jay's proposal. It is better aligned with the other drivers *and* submitting more user-data on rebuild will work.

Revision history for this message

Lucas Alvares Gomes (lucasagomes) wrote on 2016-08-16:

Thanks Jay for the comment. I also agree that would be the right way of fixing this problem.

Revision history for this message

xiaobin (jxiaobin) wrote on 2016-08-16:

True, bug 1575935 is the final fix, but it's still "Wishlist", I see no progress on it.
Once 1575935 is resolved, user data during rebuild will still be accepted.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-16: Change abandoned on ironic (master)

Change abandoned by jxiaobin (<email address hidden>) on branch: master
Review: https://review.openstack.org/355142

xiaobin (jxiaobin) on 2016-08-16

Changed in ironic:
status:	In Progress → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.