Ironic

Instance traits are not validated against node traits

Bug #1755146 reported by Mark Goddard on 2018-03-12

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ironic	Fix Released	Medium	Mark Goddard

Bug Description

During instance deployment, the nova virt driver sets node.instance_info.traits to a list of traits requested as required in the instance's flavor. Currently, ironic performs no validation of these traits prior to deployment of the instance. There are two cases we need to protect against:

1. a race between removing traits from an ironic node (node.traits), and placement's syncing of this information could result in nova scheduling an instance with required traits to an ironic node that no longer has those traits. Ironic should validate that all instance traits are also node traits.

2. a programming error or a user error (in the non-nova case) that allows an invalid value to be set on node.instance_info.traits.

This issue affects queens release 10.1.1.

OpenStack Infra (hudson-openstack) on 2018-03-12

Changed in ironic:
assignee:	nobody → Mark Goddard (mgoddard)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-03-12: Related fix proposed to ironic (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/552043

Dmitry Tantsur (divius) on 2018-03-12

Changed in ironic:
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-03-29: Fix merged to ironic (master)

Reviewed: https://review.openstack.org/543461
Committed: https://git.openstack.org/cgit/openstack/ironic/commit/?id=d1cd215c66eaa205bc63a5405835e0ef28dadc20
Submitter: Zuul
Branch: master

commit d1cd215c66eaa205bc63a5405835e0ef28dadc20
Author: Mark Goddard <email address hidden>
Date: Mon Feb 12 13:47:09 2018 +0000

Validate instance_info.traits against node traits

    The ironic node traits spec calls out that traits added to
    instance_info.traits should be validated against the node's traits. All
    traits in instance_info.traits should exist in the node's traits. This
    protects us against race conditions between traits being removed from a
    node in ironic, and the node's resource provider's traits being updated
    in placement.

    This change adds validation to do_node_deploy() and
    validate_driver_interfaces() in the conductor manager, ensuring that all
    instance traits are also node traits.

    Change-Id: I956f8285fe428b2bdf8822e4a308f5c2a1675836
    Closes-Bug: #1755146
    Related-Bug: #1722194

Changed in ironic:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-04-05: Related fix merged to ironic (master)

Reviewed: https://review.openstack.org/552043
Committed: https://git.openstack.org/cgit/openstack/ironic/commit/?id=f5605d13e67c71c46538bafa5f7ddc18fb7427a6
Submitter: Zuul
Branch: master

commit f5605d13e67c71c46538bafa5f7ddc18fb7427a6
Author: Mark Goddard <email address hidden>
Date: Mon Mar 12 14:42:56 2018 +0000

Assume node traits in instance trait validation

In Rocky, we can assume that node.traits is set, since the earliest
version we may be pinned to is Queens, which supports node traits.

    Change-Id: Ib011122a72f31e73e7e2031cb7582057e1f33ef4
    Related-Bug: #1755146
    Related-Bug: #1722194

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-07-05: Fix included in openstack/ironic 11.0.0

This issue was fixed in the openstack/ironic 11.0.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.