** Also affects: nova/pike
Importance: Undecided
Status: New
** Also affects: nova/ocata
Importance: Undecided
Status: New
** Also affects: nova/queens
Importance: Undecided
Status: New
** Changed in: nova/ocata
Status: New => Triaged
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1774205
Title:
AggregateMultiTenancyIsolation uses wrong tenant_id during cold
migrate
Status in OpenStack Compute (nova):
Triaged
Status in OpenStack Compute (nova) ocata series:
Triaged
Status in OpenStack Compute (nova) pike series:
New
Status in OpenStack Compute (nova) queens series:
New
Bug description:
The details are in this mailing list thread:
http://lists.openstack.org/pipermail/openstack-
operators/2018-May/015347.html
But essentially the case is:
* There are 3 compute hosts.
* compute1 and compute2 are in a host aggregate and a given tenant is
restricted to that aggregate
* The user creates a server on compute1
* The admin attempts to cold migrate the server which fails in the
AggregateMultiTenancyIsolation filter because it says the tenant_id in the
request is not part of the matching host aggregate.
The reason is because the cold migrate task in the conductor replaces
the original request spec, which had the instance project_id in it,
and uses the current context, which is the admin (which could be in a
different project):
https://github.com/openstack/nova/blob/stable/ocata/nova/conductor/tasks/migrate.py#L50
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1774205/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
