Add X-Tenant-ID to metadata request

Bug #1260129 reported by OpenStack Infra
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-manuals
Fix Released
High
Summer Long

Bug Description

https://review.openstack.org/61439
commit bd4a85d67f091382752d75b95f9cfd076431f30e
Author: Aaron Rosen <email address hidden>
Date: Mon Oct 7 15:34:38 2013 -0700

    Add X-Tenant-ID to metadata request

    Previously, one could update a port's device_id to be that of
    another tenant's instance_id and then be able to retrieve that
    instance's metadata. In order to prevent this X-Tenant-ID is now
    passed in the metadata request to nova and nova then checks that
    X-Tenant-ID also matches the tenant_id for the instance against it's
    database to ensure it's not being spoofed.

    DocImpact - When upgrading OpenStack nova and neturon, neutron
                should be updated first (and neutron-metadata-agent
                restarted before nova is upgraded) in order to minimize
                downtime. This is because there is also a patch to nova
                which has checks X-Tenant-ID against it's database
                therefore neutron-metadata-agent needs to pass that
                before nova is upgraded for metadata to work.

    Change-Id: I2b8fa2f561a7f2914608e68133abf15efa95015a
    Closes-Bug: #1235450

Tags: neutron
Tom Fifield (fifieldt)
Changed in openstack-manuals:
status: New → Confirmed
importance: Undecided → High
milestone: none → icehouse
Summer Long (slong-g)
Changed in openstack-manuals:
assignee: nobody → Summer Long (slong-g)
Revision history for this message
Edgar Magana (emagana) wrote :

Summer, any update on this bug?

Revision history for this message
Summer Long (slong-g) wrote :

Edgar, am just getting back to my bug list. Will do this one in the next week.

Revision history for this message
Edgar Magana (emagana) wrote :

Summer, sorry for bothering you with this one but I would like to know if you can provide a status on this.

Revision history for this message
Summer Long (slong-g) wrote :

Edgar, many apologies for my tardiness, but there is not yet an upgrade procedure for Havana -> Icehouse. And this is the only place where that information would be relevant, right?

So have added the upgrade bug: https://bugs.launchpad.net/openstack-manuals/+bug/1307761

neutron isn't currently covered in the Ops Guide procedures for Havana (because it wasn't used in the architecture for the previous version), so I can't just slot it in.

Until that happens, I've added a note here: https://wiki.openstack.org/wiki/ReleaseNotes/Icehouse#General_Upgrade_Notes
Could you please review this? Should anything else be said?

Revision history for this message
Summer Long (slong-g) wrote :

Tom's found the older bug, 1307761 is a duplicate: https://bugs.launchpad.net/openstack-manuals/+bug/1253879

Revision history for this message
Anne Gentle (annegentle) wrote :

I think that beyond just the upgrade, the use cases for x-tenant-id sound interesting. Are they documented or known?

Revision history for this message
Edgar Magana (emagana) wrote :

Summer,

I think this bug os for a migration from Grizzly to Havana or from Grizzly to X version.
It may not needed for migration from Havana, right?
We could just add it into the release notes, what do you think?

Revision history for this message
Summer Long (slong-g) wrote :

Oh! If this fix is for Havana and not for Icehouse, then certainly I can update the Havana release notes.

But, you say 'I think'. Can you actually confirm the version? The targeted dev bug was merged to master in December, doesn't say specifically whether it was merged into a Havana maintenance release or to Icehouse (so this ticket assumed Icehouse).

Revision history for this message
Tom Fifield (fifieldt) wrote :

according to the original bug related to neutron, this went into icehouse

Revision history for this message
Edgar Magana (emagana) wrote :

Summer,
Any update on this? Is there something needed to close this one/

Summer Long (slong-g)
Changed in openstack-manuals:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers