*** This bug is a security vulnerability ***
You have been subscribed to a public security bug:
If nova-compute service is down at the moment of execution 'nova delete'
for instance, node with this instance will never been cleaned/turned off
after nova-compute start.
Steps to reproduce:
1. Prepare ironic/nova
2. Start instance (nova boot/openstack server create)
3. Wait until 'ACTIVE' state for instance.
4. Stop nova-compute
5. Wait until it become 'down' in 'nova service-list'
5. Execute 'nova delete' command for instance.
6. Start nova-compute serivce
Expected result:
Case 1:
- Instance stuck in the 'deleting' state until nova-compute is not come back.
- Node switch to 'cleaning/available' as soon as nova-compute come back
- Tenant instance (baremetal server) stops to operate as soon as nova-compute
is up.
or
- Instance deleted as usual
- Node switch to 'cleaning/available' as soon as nova-compute come back
- Tenant instance (baremetal server) stops to operate as soon as nova-compute
is up.
Actual result:
- Instance deleted as usual.
- Node has 'active' state with filled in 'Instance UUID' field.
- Tenant instance (baremetal server) continue to work after nova-compute is up
and continue to do so forever (until node is put to 'deleted' state manually by
system administrator).
I believe this is very severe bug, because it allows tenants to continue
to use services regardless of nova report that there are no tenant
instances running.
Affected version: newton.
** Affects: nova
Importance: Undecided
Status: New
--
ironic does not clean or shutdown nodes if nova-compute is down at the moment
of 'nova delete'
https://bugs.launchpad.net/bugs/1663225
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
