OpenStack Compute (nova)

  1. Bug #1235450
  2. Comment #70

Comment 70 for bug 1235450

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/havana)

Reviewed: https://review.openstack.org/61442
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=954efa91f08ec1782d41a043584334fcf01a64cb
Submitter: Jenkins
Branch: stable/havana

commit 954efa91f08ec1782d41a043584334fcf01a64cb
Author: Aaron Rosen <email address hidden>
Date: Mon Oct 7 15:34:38 2013 -0700

    Add X-Tenant-ID to metadata request

    Previously, one could update a port's device_id to be that of
    another tenant's instance_id and then be able to retrieve that
    instance's metadata. In order to prevent this X-Tenant-ID is now
    passed in the metadata request to nova and nova then checks that
    X-Tenant-ID also matches the tenant_id for the instance against it's
    database to ensure it's not being spoofed.

    DocImpact - When upgrading OpenStack nova and neturon, neutron
                should be updated first (and neutron-metadata-agent
                restarted before nova is upgraded) in order to minimize
                downtime. This is because there is also a patch to nova
                which has checks X-Tenant-ID against it's database
                therefore neutron-metadata-agent needs to pass that
                before nova is upgraded for metadata to work.

    Change-Id: I2b8fa2f561a7f2914608e68133abf15efa95015a
    Closes-Bug: #1235450