
yahoo-eng-team team mailing list archive

[Bug 1639312] [NEW] Nova does not validate graphics console addresses

 

Public bug reported:

Due to all the changes in the nova live migration code path, there is a
condition that is always evaluated to False:

https://github.com/openstack/nova/blob/5a81b00e6b2adba2a380b90e402ff391d64ea6a5/nova/virt/libvirt/driver.py#L5888

Even when using the lowest RPC microversion (4.0), migrate_data will
always be populated with graphics console addresses. This data will not
be there only when doing live migration, e.g., from Kilo to Newton,
which is not supported anyway. Even though both options,
graphics_listen_addr_vnc and graphics_listen_addr_spice, are nullable:

https://github.com/openstack/nova/blob/4eb89c206e68a7172ebad897ad24769036c7bdd6/nova/objects/migrate_data.py#L125

there is no way to pass None through nova.conf; instead it is always
passed as a string (e.g. "None"). Therefore values of both options will be
validated whether they are valid IP addresses. Also, by default
vncserver_listen and server_listen are not set to None, but to 127.0.0.1:

https://github.com/openstack/nova/blob/cd3b57d0c0cb867ef48a6e9721d9b3e28cb08e84/nova/conf/vnc.py#L58
https://github.com/openstack/nova/blob/cd3b57d0c0cb867ef48a6e9721d9b3e28cb08e84/nova/conf/spice.py#L65

Because of all this stuff, nova never reaches the code that should validate
graphics console addresses, and we might allow a live migration that breaks
the graphics console on the instance.

** Affects: nova
     Importance: Undecided
         Status: New


** Tags: live-migration

** Tags added: live-migration

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1639312
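
The dead branch described in the report can be reproduced with a small model. This is an added example, not nova's code and not part of the original bug report: `from_conf`, `nullable_ip_field`, `build_migrate_data`, `guard_fires` and `survey` are hypothetical names, and the shape of the guard (run the console check only when no address was sent) is an assumption, since the report links to the condition without quoting it.

```python
import ipaddress

DEFAULT_LISTEN = "127.0.0.1"  # default the report cites for both options

def from_conf(raw=None):
    """Model of a config option: a string when set, else the default; never None."""
    return DEFAULT_LISTEN if raw is None else str(raw)

def nullable_ip_field(value):
    """Model of a nullable IP field: None passes, anything else must parse as an IP."""
    return None if value is None else str(ipaddress.ip_address(value))

def build_migrate_data(vnc_raw=None, spice_raw=None):
    """Populate both fields from config, as the report says always happens."""
    return {
        "graphics_listen_addr_vnc": nullable_ip_field(from_conf(vnc_raw)),
        "graphics_listen_addr_spice": nullable_ip_field(from_conf(spice_raw)),
    }

def guard_fires(migrate_data):
    """Hypothetical guard (assumed shape): check consoles only if no address was sent."""
    return all(v is None for v in migrate_data.values())

def survey(candidates):
    """Classify each operator-supplied value: 'rejected', 'guard', or 'skipped'."""
    outcome = {}
    for raw in candidates:
        try:
            data = build_migrate_data(vnc_raw=raw, spice_raw=raw)
        except ValueError:
            outcome[raw] = "rejected"  # e.g. the string "None" is not an IP
            continue
        outcome[raw] = "guard" if guard_fires(data) else "skipped"
    return outcome

# Constructed sample inputs: unset, explicit addresses, and attempts to say "none".
CANDIDATES = [None, "127.0.0.1", "0.0.0.0", "::", "192.0.2.10", "None", ""]

if __name__ == "__main__":
    for raw, result in survey(CANDIDATES).items():
        print(f"{raw!r:>14} -> {result}")
```

No value that can come from configuration yields `guard`; only a real `None` placed directly in the fields does, which is the case the report says never occurs on supported upgrade paths.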
