yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1412501] Re: libvirt driver uses a set of ssh commands for communication with other nodes

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Tristan Cacqueray <tristan.cacqueray@xxxxxxxxxxxx>
Date: Mon, 26 Jan 2015 15:36:58 -0000
Reply-to: Bug 1412501 <1412501@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

class D confirmed, setting the OSSA task as won't fix.

** Changed in: ossa
       Status: Incomplete => Won't Fix

** Changed in: ossa
     Assignee: Marian Horban (mhorban) => (unassigned)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1412501

Title:
  libvirt driver uses a set of ssh commands for communication with other
  nodes

Status in OpenStack Compute (Nova):
  In Progress
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  libvirt driver uses ssh commands:
    - ssh touch,
    - ssh mkdir, 
    - ssh rm,
    - rsync
   for communication with other nodes(for migration purposes).
  This fact force us to use additional shell and it can cause security risk.
  We can not avoid usage shell at all because of copying disk(uses rsync/scp call).
  But it is possible to decrease the interface between nodes by using single rsync call instead of using ssh touch, ssh mkdir, ssh rm, rsync.
  Usage rsync/scp commands only allows us to use secure shells like rssh.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1412501/+subscriptions