OpenStack Compute (nova)

  1. Series ocata
  2. Bug #1695861
  3. Comment #0

Comment 0 for bug 1695861

Revision history for this message
Hiroaki Kobayashi (hiro-kobayashi) wrote : Invalid availability zone name can be accepted

According to the parse_availability_zone() of the API class [1], Nova has a legacy hack to allow admins to specify hosts via an availability zone using az:host:node. That means ':' cannot be included in the name of an availability zone itself. However, the create aggregate API accepts requests which have availability zone names including ':'. That causes a following bad scenario:

1. An admin creates a host aggregate with availability_zone = bad:name:example
2. An admin tries to create a server with availability_zone = bad:name:example
3. The nova-api parse the request and split the availability_zone value with ':'
4. Then it recognizes az=bad, host=name, node=example
5. Nova returns 'No valid host found' because there is no availability zone whose name is 'bad'.

To solve this problem following fixes are needed:

* Do not allow admins to create a host aggregate whose availability_zone name including ':'.
* Document this specification.

[1] https://review.openstack.org/gitweb?p=openstack/nova.git;a=blob;f=nova/compute/api.py;h=46ed8e91fcc16f3755fd6a5e2e4a6d54f990cb8b;hb=HEAD#l561