OpenStack Compute (nova)

  1. Series stein
  2. Bug #1852106
  3. Comment #16

Comment 16 for bug 1852106

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.opendev.org/708126
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=bc290840127c3179227a662584404f9c0178d588
Submitter: Zuul
Branch: master

commit bc290840127c3179227a662584404f9c0178d588
Author: Brian Rosmaita <email address hidden>
Date: Thu Feb 13 11:09:08 2020 -0500

    Absolutely-non-inheritable image properties

    Inheritance of image properties from the image an instance was booted
    from to an image created from that instance is governed by the
    non_inheritable_image_properties configuration option. However, there
    are some image properties (for example, those used for image signature
    validation or to reference a cinder encryption key id) which it makes
    no sense to inherit under any circumstances. Additionally,
    misconfiguration of the non-inheritable properties can lead to data
    loss under the circumstances described in Bug #1852106. So it would
    be better if these properties were not subject to configuration.

    The initial set of absolutely non-inheritable image properties
    consists of those associated with cinder encryption keys and image
    signature validation.

    Change-Id: I4332b9c343b6c2b50226baa8f78396c2012dabd1
    Closes-bug: #1852106