yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1412501] Re: libvirt driver uses a set of ssh commands for communication with other nodes

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 03 Sep 2015 11:46:29 -0000
Reply-to: Bug 1412501 <1412501@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: nova
       Status: Fix Committed => Fix Released

** Changed in: nova
    Milestone: None => liberty-3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1412501

Title:
  libvirt driver uses a set of ssh commands for communication with other
  nodes

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  libvirt driver uses ssh commands:
    - ssh touch,
    - ssh mkdir, 
    - ssh rm,
    - rsync
   for communication with other nodes(for migration purposes).
  This fact force us to use additional shell and it can cause security risk.
  We can not avoid usage shell at all because of copying disk(uses rsync/scp call).
  But it is possible to decrease the interface between nodes by using single rsync call instead of using ssh touch, ssh mkdir, ssh rm, rsync.
  Usage rsync/scp commands only allows us to use secure shells like rssh.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1412501/+subscriptions