OpenStack Compute (nova)

xenapi: secgroups are not in place for a short duration after live-migration

Bug #1224587 reported by John Garbutt on 2013-09-12

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Expired	Undecided	Unassigned

Bug Description

The previous bug on security groups was only a partial fix:
https://bugs.launchpad.net/nova/+bug/1202266

There is a small amount of time where the security group is not in place.

The full fix for this may be possible using XenServer hooks, but may require modifications to XenServer.

(this is a security bug has already been made public in the other bugs around this issue)

Tags:

Revision history for this message

Kurt Seifried (kseifried) wrote on 2013-11-28:

#1

Does this issue require a CVE?

Revision history for this message

John Garbutt (johngarbutt) wrote on 2014-03-07:

#2

I thought it was mentioned in an existing CVE around the fix.

Revision history for this message

John Garbutt (johngarbutt) wrote on 2014-03-07:

#3

The best fix involves XenAPI starting the instance paused, so nova can make changes, maybe in a hook, maybe then starting the instance. Either way, needs XenServer changes really :(

Revision history for this message

Sean Dague (sdague) wrote on 2015-03-30:

#4

Definitely not Triaged

Changed in nova:
status:	Triaged → Confirmed
importance:	Medium → Low

Revision history for this message

Sean Dague (sdague) wrote on 2015-03-30:

#5

Marking as low as it is a single hypervisor backend

OpenStack Infra (hudson-openstack) on 2015-11-18

Changed in nova:
assignee:	nobody → huan (huan-xie)
status:	Confirmed → In Progress

Revision history for this message

Bob Ball (bob-ball) wrote on 2015-11-18:

#6

Sorry - my mistake. I thought Huan's change fixed this; I don't believe so now and need further thought.

Changed in nova:
assignee:	huan (huan-xie) → nobody

Davanum Srinivas (DIMS) (dims-v) on 2016-03-03

Changed in nova:
status:	In Progress → Confirmed

Revision history for this message

Markus Zoeller (markus_z) (mzoeller) wrote on 2016-07-05: Cleanup EOL bug report

#7

This is an automated cleanup. This bug report has been closed because it
is older than 18 months and there is no open code change to fix this.
After this time it is unlikely that the circumstances which lead to
the observed issue can be reproduced.

If you can reproduce the bug, please:
* reopen the bug report (set to status "New")
* AND add the detailed steps to reproduce the issue (if applicable)
* AND leave a comment "CONFIRMED FOR: <RELEASE_NAME>"
Only still supported release names are valid (LIBERTY, MITAKA, OCATA, NEWTON).
Valid example: CONFIRMED FOR: LIBERTY

Changed in nova:
importance:	Low → Undecided
status:	Confirmed → Expired

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.