| 2017-06-05 08:56:01 |
Hiroaki Kobayashi |
bug |
|
|
added bug |
| 2017-06-05 08:58:02 |
Hiroaki Kobayashi |
summary |
Invalid availability zone name can be accepted |
Invalid availability zone name with ':' is accepted |
|
| 2017-06-06 08:16:16 |
Takashi Natsume |
nova: status |
New |
Confirmed |
|
| 2017-06-06 08:16:23 |
Takashi Natsume |
tags |
|
api |
|
| 2017-06-07 08:09:14 |
Hiroaki Kobayashi |
description |
According to the parse_availability_zone() of the API class [1], Nova has a legacy hack to allow admins to specify hosts via an availability zone using az:host:node. That means ':' cannot be included in the name of an availability zone itself. However, the create aggregate API accepts requests which have availability zone names including ':'. That causes a following bad scenario:
1. An admin creates a host aggregate with availability_zone = bad:name:example
2. An admin tries to create a server with availability_zone = bad:name:example
3. The nova-api parse the request and split the availability_zone value with ':'
4. Then it recognizes az=bad, host=name, node=example
5. Nova returns 'No valid host found' because there is no availability zone whose name is 'bad'.
To solve this problem following fixes are needed:
* Do not allow admins to create a host aggregate whose availability_zone name including ':'.
* Document this specification.
[1] https://review.openstack.org/gitweb?p=openstack/nova.git;a=blob;f=nova/compute/api.py;h=46ed8e91fcc16f3755fd6a5e2e4a6d54f990cb8b;hb=HEAD#l561 |
According to the parse_availability_zone() of the API class [1], Nova has a legacy hack to allow admins to specify hosts via an availability zone using az:host:node. That means ':' cannot be included in the name of an availability zone itself. However, the create aggregate API accepts requests which have availability zone names including ':'. That causes a following bad scenario:
1. An admin creates a host aggregate with availability_zone = bad:name:example
2. An admin tries to create a server with availability_zone = bad:name:example
3. The nova-api parse the request and split the availability_zone value with ':'
4. Then it recognizes az=bad, host=name, node=example
5. Nova returns 'No valid host found' because there is no availability zone whose name is 'bad'.
To solve this problem following fixes are needed:
Plan A:
* Do not allow admins to create a host aggregate whose availability_zone name including ':'.
* Document this specification.
Plan B:
* Deprecate the legacy admin hack which uses az:host:node and allow ':' for az name.
[1] https://review.openstack.org/gitweb?p=openstack/nova.git;a=blob;f=nova/compute/api.py;h=46ed8e91fcc16f3755fd6a5e2e4a6d54f990cb8b;hb=HEAD#l561 |
|
| 2017-06-07 08:10:04 |
Hiroaki Kobayashi |
description |
According to the parse_availability_zone() of the API class [1], Nova has a legacy hack to allow admins to specify hosts via an availability zone using az:host:node. That means ':' cannot be included in the name of an availability zone itself. However, the create aggregate API accepts requests which have availability zone names including ':'. That causes a following bad scenario:
1. An admin creates a host aggregate with availability_zone = bad:name:example
2. An admin tries to create a server with availability_zone = bad:name:example
3. The nova-api parse the request and split the availability_zone value with ':'
4. Then it recognizes az=bad, host=name, node=example
5. Nova returns 'No valid host found' because there is no availability zone whose name is 'bad'.
To solve this problem following fixes are needed:
Plan A:
* Do not allow admins to create a host aggregate whose availability_zone name including ':'.
* Document this specification.
Plan B:
* Deprecate the legacy admin hack which uses az:host:node and allow ':' for az name.
[1] https://review.openstack.org/gitweb?p=openstack/nova.git;a=blob;f=nova/compute/api.py;h=46ed8e91fcc16f3755fd6a5e2e4a6d54f990cb8b;hb=HEAD#l561 |
According to the parse_availability_zone() of the API class [1], Nova has a legacy hack to allow admins to specify hosts via an availability zone using az:host:node. That means ':' cannot be included in the name of an availability zone itself. However, the create aggregate API accepts requests which have availability zone names including ':'. That causes a following bad scenario:
1. An admin creates a host aggregate with availability_zone = bad:name:example
2. An admin tries to create a server with availability_zone = bad:name:example
3. The nova-api parse the request and split the availability_zone value with ':'
4. Then it recognizes az=bad, host=name, node=example
5. Nova returns 'No valid host found' because there is no availability zone whose name is 'bad'.
To solve this problem following fixes are needed:
Option A:
* Do not allow admins to create a host aggregate whose availability_zone name including ':'.
* Document this specification.
Option B:
* Deprecate the legacy admin hack which uses az:host:node and allow ':' for az name.
[1] https://review.openstack.org/gitweb?p=openstack/nova.git;a=blob;f=nova/compute/api.py;h=46ed8e91fcc16f3755fd6a5e2e4a6d54f990cb8b;hb=HEAD#l561 |
|
| 2017-07-31 07:42:05 |
jichenjc |
bug |
|
|
added subscriber jichenjc |
| 2017-08-03 10:05:41 |
Tetsuro Nakamura |
nova: assignee |
|
Tetsuro Nakamura (tetsuro0907) |
|
| 2017-08-04 03:07:50 |
OpenStack Infra |
nova: status |
Confirmed |
In Progress |
|
| 2017-08-04 03:19:44 |
Matt Riedemann |
nova: importance |
Undecided |
Medium |
|
| 2017-08-04 03:19:50 |
Matt Riedemann |
nominated for series |
|
nova/ocata |
|
| 2017-08-04 03:19:50 |
Matt Riedemann |
bug task added |
|
nova/ocata |
|
| 2017-08-04 07:16:49 |
Masahito Muroi |
bug |
|
|
added subscriber Masahito Muroi |
| 2017-08-04 07:31:04 |
OpenStack Infra |
nova: assignee |
Tetsuro Nakamura (tetsuro0907) |
Viktor Varga (vvargaszte) |
|
| 2017-08-07 00:40:25 |
Tetsuro Nakamura |
nova: assignee |
Viktor Varga (vvargaszte) |
Tetsuro Nakamura (tetsuro0907) |
|
| 2017-08-28 14:08:28 |
Matt Riedemann |
bug task deleted |
nova/ocata |
|
|
| 2017-09-22 20:38:12 |
Matt Riedemann |
nominated for series |
|
nova/pike |
|
| 2017-09-22 20:38:12 |
Matt Riedemann |
bug task added |
|
nova/pike |
|
| 2017-09-22 20:38:12 |
Matt Riedemann |
nominated for series |
|
nova/ocata |
|
| 2017-09-22 20:38:12 |
Matt Riedemann |
bug task added |
|
nova/ocata |
|
| 2017-09-22 20:39:39 |
OpenStack Infra |
nova: assignee |
Tetsuro Nakamura (tetsuro0907) |
Matt Riedemann (mriedem) |
|
| 2017-09-22 20:40:01 |
Matt Riedemann |
nova: assignee |
Matt Riedemann (mriedem) |
Tetsuro Nakamura (tetsuro0907) |
|
| 2017-09-22 20:40:08 |
Matt Riedemann |
nova/ocata: status |
New |
Confirmed |
|
| 2017-09-22 20:40:13 |
Matt Riedemann |
nova/pike: importance |
Undecided |
Medium |
|
| 2017-09-22 20:40:16 |
Matt Riedemann |
nova/pike: status |
New |
Confirmed |
|
| 2017-09-22 20:40:22 |
Matt Riedemann |
nova/ocata: importance |
Undecided |
Medium |
|
| 2017-10-04 18:54:28 |
OpenStack Infra |
nova: status |
In Progress |
Fix Released |
|
| 2017-10-04 22:07:15 |
OpenStack Infra |
nova/pike: status |
Confirmed |
In Progress |
|
| 2017-10-04 22:07:15 |
OpenStack Infra |
nova/pike: assignee |
|
Matt Riedemann (mriedem) |
|
| 2017-10-04 22:12:03 |
OpenStack Infra |
nova/ocata: status |
Confirmed |
In Progress |
|
| 2017-10-04 22:12:03 |
OpenStack Infra |
nova/ocata: assignee |
|
Matt Riedemann (mriedem) |
|
| 2017-10-24 15:31:28 |
OpenStack Infra |
nova/pike: status |
In Progress |
Fix Committed |
|
| 2017-12-13 19:28:09 |
OpenStack Infra |
nova/ocata: status |
In Progress |
Fix Committed |
|
