nova-compute consuming 100% of cpu after rebuilding with invalid data parameters
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Description
==============
The 'conductor-api' for 'rebuild_instance' has a vulnerability point for the parameter 'rebuild_
Steps to reproduce
=======
1) create an instance with the flavor (VCPUS: 1, MEM: 64MB, STORAGE: 0GB) and the cirros image 0.3.4;
2) rebuild the instance with an alternative cirros image 0.4.0;
2.1) intercept the message to 'conductor' api (ComputeTaskAPI) for the method 'rebuild_instance', and change the parameter 'rebuild_
3) rebuild again the instance with the original image of the instance (cirros 0.3.4);
4) shelve the instance;
5) delete the instance;
Expected result
================
Even that rebuild is not an action that takes the flavor into account, should exist something for ensuring correctness of other parameters. The compute node does not stop working because of an invalid parameter.
Actual result
================
The instance does not change from rebuild to active, remaining rebuilding forever, and the compute node gets innoperating until the services be restarted. 'nova-compute' consuming 100% of cpu.
Environment
==============
I used devstack/
Logs & Configs
=================
Logs attached.
The fault is injected after 11:24:16.
If you search for '10000000000000
Nov 5 11:24:21 localhost nova-compute[
description: | updated |
description: | updated |
tags: | added: fault-injection |
This is definitely nifty and impressive, but realistically will never be addressed. We recommend folks deploy with TLS on all internal services, including the message queue used for RPC. TLS makes this kind of in-flight RPC hacking even less of a concern in practice - because let's face it, if someone has gained enough access to modify in-flight RPC this way, setting VCPUs to a wrong value is the least of your concerns.