Add semantic checks to protect host capabilities

Bug #1794117 reported by Daniel Badea
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| StarlingX | Fix Released | Medium | Daniel Badea | |

Bug Description

protect host capabilities

Brief Description
-----------------
There is no semantic check to prevent updating of host capabilities from CLI. For example:

  system host-update storage-1 capabilities="{'stor_function':'monitor'}"

runs successfully when it shouldn't (storage-1 does not/should not run a ceph monitor service).

Severity
--------
Major

Steps to Reproduce
------------------
system host-update storage-1 capabilities="{'stor_function':'monitor'}"

Expected Behavior
------------------
"system host-update" command should fail when trying to update capabilities that are used by other services

Actual Behavior
----------------
Host capabilities are updated

Reproducibility
---------------
Reproducible

System Configuration
--------------------
Discovered on a storage system but can be reproduced on any type of system by setting 'Personality' for a controller node.

Branch/Pull Time/Commit
-----------------------
stx/master

Timestamp/Logs
--------------
N/A

Changed in starlingx:
assignee: nobody → Daniel Badea (daniel.badea)
Ghada Khalil (gkhalil) wrote :

Targeting stx.2019.03 as this just adds semantic checks for extra protection

Changed in starlingx:
importance: Undecided → Medium
status: New → Triaged
summary: - protect host capabilities
+ Add semantic checks to protect host capabilities
tags: added: stx.2019.03
OpenStack Infra (hudson-openstack) wrote : Fix proposed to stx-config (master)

Fix proposed to branch: master
Review: https://review.openstack.org/605124

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to stx-config (master)

Reviewed: https://review.openstack.org/605124
Committed: https://git.openstack.org/cgit/openstack/stx-config/commit/?id=9231c6765a0b2953314b61d0ecca3fe17d671e31
Submitter: Zuul
Branch: master

commit 9231c6765a0b2953314b61d0ecca3fe17d671e31
Author: Daniel Badea <email address hidden>
Date: Tue Sep 25 16:09:52 2018 +0000

    protect host capabilities

    Reject updating read-only host capabilities:
    1. stor_function. This field is set to 'monitor' for hosts
       that are running ceph monitor process: controller-0,
       controller-1, storage-0.
    2. Personality. This field is "virtual": not saved in the
       database but returned via API and displayed via
       "system host-show".

    Change-Id: I6d169b68bffd74e7fae56f9d92d5930593cefe59
    Closes-Bug: #1794117
    Signed-off-by: Daniel Badea <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Ken Young (kenyis)
tags: added: stx.2019.05
removed: stx.2019.03
Ken Young (kenyis)
tags: added: stx.2.0
removed: stx.2019.05
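
A server-side check of the kind the commit message describes, as an added Python example (not the stx-config code from review 605124). It assumes the CLI value is parsed as a Python dict literal; every name other than `stor_function`, `Personality` and the host names is hypothetical, and the sample requests are constructed.

```python
import ast

# Read-only keys taken from the commit message; all other names are hypothetical.
READ_ONLY_CAPABILITIES = frozenset({"stor_function", "Personality"})
_MISSING = object()  # distinguishes "key not stored" from a stored None


class CapabilityUpdateRejected(ValueError):
    """The request would change a capability owned by another service."""


def parse_capabilities(raw):
    """Parse the CLI string as a literal only; never eval() caller input."""
    try:
        value = ast.literal_eval(raw)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise CapabilityUpdateRejected("capabilities is not a literal dict") from exc
    if not isinstance(value, dict) or not all(isinstance(k, str) for k in value):
        raise CapabilityUpdateRejected("capabilities must be a dict with string keys")
    return value


def check_capabilities_update(stored, raw_requested):
    """Return the merged capabilities, or raise if a read-only key would change.

    A "virtual" key such as Personality is never in `stored`, so any request
    naming it is rejected. Re-sending an unchanged stored value is allowed
    (a design choice of this example).
    """
    requested = parse_capabilities(raw_requested)
    blocked = sorted(
        key for key in requested
        if key in READ_ONLY_CAPABILITIES
        and requested[key] != stored.get(key, _MISSING)
    )
    if blocked:
        raise CapabilityUpdateRejected("read-only capabilities: " + ", ".join(blocked))
    return {**stored, **requested}


if __name__ == "__main__":
    # Constructed hosts and requests, modelled on the report.
    hosts = {"storage-0": {"stor_function": "monitor"}, "storage-1": {}}
    for host, raw in [("storage-1", "{'stor_function':'monitor'}"),
                      ("storage-0", "{'stor_function':'monitor'}"),
                      ("storage-1", "{'Personality':'constructed-value'}"),
                      ("storage-1", "{'location':'rack-7'}")]:
        try:
            print(host, "accepted:", check_capabilities_update(hosts[host], raw))
        except CapabilityUpdateRejected as err:
            print(host, "rejected:", err)
```

The check runs in the API layer rather than the CLI, so it applies to every client that can send a host update.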