yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1695861] Re: Invalid availability zone name with ':' is accepted

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1695861@xxxxxxxxxxxxxxxxxx>
Date: Wed, 04 Oct 2017 18:54:31 -0000
Reply-to: Bug 1695861 <1695861@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/490722
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=38b25397e805dcf7a995666049713304fe4f1af1
Submitter: Jenkins
Branch:    master

commit 38b25397e805dcf7a995666049713304fe4f1af1
Author: Tetsuro Nakamura <nakamura.tetsuro@xxxxxxxxxxxxx>
Date:   Fri Aug 4 11:29:00 2017 +0900

    fix nova accepting invalid availability zone name with ':'
    
    Nova has a legacy hack to allow admins to specify hosts via an
    availability zone using az:host:node. That means ':' cannot be
    included in the name of an availability zone itself.
    
    However, the aggregate API accepts requests which have
    availability zone names including ':'.
    
    This patch checks the availabilty zone name when aggregate is
    created or updated and raises an error if it contains ':'.
    
    Change-Id: I9b0d8e8d4b3ab2cb3d578c22fa259e0e7c0d325b
    Closes-Bug: #1695861


** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1695861

Title:
  Invalid availability zone name with ':' is accepted

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) ocata series:
  Confirmed
Status in OpenStack Compute (nova) pike series:
  Confirmed

Bug description:
  According to the parse_availability_zone() of the API class [1], Nova
  has a legacy hack to allow admins to specify hosts via an availability
  zone using az:host:node. That means ':' cannot be included in the name
  of an availability zone itself. However, the create aggregate API
  accepts requests which have availability zone names including ':'.
  That causes a following bad scenario:

  1. An admin creates a host aggregate with availability_zone = bad:name:example
  2. An admin tries to create a server with availability_zone = bad:name:example
  3. The nova-api parse the request and split the availability_zone value with ':'
  4. Then it recognizes az=bad, host=name, node=example
  5. Nova returns 'No valid host found' because there is no availability zone whose name is 'bad'.

  To solve this problem following fixes are needed:

  Option A:
  * Do not allow admins to create a host aggregate whose availability_zone name including ':'.
  * Document this specification.

  Option B:
  * Deprecate the legacy admin hack which uses  az:host:node and allow ':' for az name.

  [1]
  https://review.openstack.org/gitweb?p=openstack/nova.git;a=blob;f=nova/compute/api.py;h=46ed8e91fcc16f3755fd6a5e2e4a6d54f990cb8b;hb=HEAD#l561

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1695861/+subscriptions

References

[Bug 1695861] [NEW] Invalid availability zone name with ':' is accepted
From: Hiroaki Kobayashi, 2017-06-05