Allowing operations during RESIZE_VERIFY leaks original instance
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Medium
|
Dan Prince |
Bug Description
Resizing an instance is a two-step process. First the instance is resized and the task_state ends up set to RESIZE_VERIFY. Then a second step is required to confirm or revert the resize, eventually cleaning up one instance and clearing the task_state.
However, a variety of commands are allowed in RESIZE_VERIFY that will end up clearing the task_state without cleaning up one of the instances (the original since the new instance is the one running at that time).
These operations appear to result in this scenario happening:
stop
reboot
rebuild
pause
suspend
rescue
changePassword
createImage
(I've personally seen it and tested it with rescue and changePassword, the others I found from reading the code, there may be more too).
I'm not sure if the API intended for any of these operations to occur when in RESIZE_VERIFY. If not, the simplest fix would be to prevent any of these from executing while in RESIZE_VERIFY.
If it is intended, some redesigning of how states are tracked is necessary to avoid task_state being cleared.
summary: |
- Rescue from RESIZE_VERIFY leaks original instance + Allowing operations during RESIZE_VERIFY leaks original instance |
description: | updated |
Changed in nova: | |
assignee: | Rick Harris (rconradharris) → Dan Prince (dan-prince) |
importance: | Undecided → Medium |
Changed in nova: | |
milestone: | none → folsom-2 |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | folsom-2 → 2012.2 |
I'd vote that we prevent any of these actions until the migration is either verified or reverted.