instance_faults entries are created on InstanceInvalidState exceptions
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
In Progress
|
Undecided
|
Pavlo Shchelokovskyy |
Bug Description
This might somewhat be related to https:/
Recently the following problem was reported in one of our clouds:
- a homegrown self-written monitoring that polls servers diagnostics
- the monitoring script is naive and does not check the server state before requesting server diagnostics
- several servers in shutdown state
- instance_faults table is growing and ballooning database size on disk
During handling of GET /servers/
- stored in instance_faults table;
- returns as HTTP409 Conflict to the user.
Effectively benign 'read-only' GET requests are recorded in the DB. Also, these instance_faults entries can not purged by standard means since the instance is not deleted yet. What's more, they won't be shown in any API at all, since the server is also not in ERROR state.
This got me thinking - should the InvalidInstance
After all, usually this exception indicates not the problem (fault) with the instance, but the mismatch between instance state and requested action upon instance, which might not warrant storing it.
There's also a slight DoS potential here, but since default policy for get diagnostics call is admin-only, this is probably not worth worrying.
Changed in nova: | |
assignee: | nobody → Pavlo Shchelokovskyy (pshchelo) |
Fix proposed to branch: master /review. opendev. org/c/openstack /nova/+ /860702
Review: https:/