Reviewed: https://review.openstack.org/519684 Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=97a51d981bd603b964b04b3568218ce57ac57338 Submitter: Zuul Branch: stable/newton
commit 97a51d981bd603b964b04b3568218ce57ac57338 Author: Matt Riedemann <[email protected]> Date: Fri Oct 27 16:03:15 2017 -0400 Validate new image via scheduler during rebuild During a rebuild we bypass the scheduler because we are always rebuilding the instance on the same host it's already on. However, we allow passing a new image during rebuild and that new image needs to be validated to work with the instance host by running it through the scheduler filters, like the ImagePropertiesFilter. Otherwise the new image could violate constraints placed on the host by the admin. This change checks to see if there is a new image provided and if so, modifies the request spec passed to the scheduler so that the new image is validated all while restricting the scheduler to still pick the same host that the instance is running on. If the image is not valid for the host, the scheduler will raise NoValidHost and the rebuild stops. A functional test is added to show the recreate of the bug and that we probably stop the rebuild now in conductor by calling the scheduler to validate the image. Co-Authored-By: Sylvain Bauza <[email protected]> Closes-Bug: #1664931 NOTE(mriedem): There were a few changes needed for Newton: 1. There is no PlacementFixture but it's not needed. 2. The API client needs to have the microversion set from the test. 3. The enabled_filters config option wasn't in Newton. 4. The scheduler has to be started before compute otherwise we get a MessagingTimeout due to the CastAsCall fixture during the compute startup. Depends-On: I344d8fdded9b7d5385fcb41b699f1352acb4cda7 Change-Id: I11746d1ea996a0f18b7c54b4c9c21df58cc4714b (cherry picked from commit 984dd8ad6add4523d93c7ce5a666a32233e02e34) (cherry picked from commit 9e2d63da94db63d97bd02e373bfc53d95808b833) (cherry picked from commit b72105c1c49fcddc94992af63fc2f8078023491a) ** Changed in: nova/newton Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1664931 Title: [OSSA-2017-005] nova rebuild ignores all image properties and scheduler filters (CVE-2017-16239) To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1664931/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
