yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1930866] [NEW] locked instance can be rendered broken by deleting port

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: George Shuklin <1930866@xxxxxxxxxxxxxxxxxx>
Date: Fri, 04 Jun 2021 10:26:44 -0000
Reply-to: Bug 1930866 <1930866@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

'server lock' is indented to protect instance from simple mistakes (like
removing the wrong instance, or shut-downing it). It does prevent
shutdown, destruction and port detachment.

But if port is removed via `openstack port delete` it silently get
removed from locked instance, effectively, breaking it.

Steps to reproduce:
```
openstack server create foo
openstack server lock foo
openstack port delete {id of the port of the instance}
```

Expected behavior: error message, rejecting to delete port, used by
locked instance.

Actual behavior: port is removed, leaving locked instance without
network.


I was able to reproduce it on nova 17.0.12, but newer versions may be affected too.

** Affects: nova
     Importance: Undecided
         Status: New

** Description changed:

  'server lock' is indented to protect instance from simple mistakes (like
  removing the wrong instance, or shut-downing it). It does prevent
  shutdown, destruction and port detachment.
  
  But if port is removed via `openstack port delete` it silently get
  removed from locked instance, effectively, breaking it.
  
  Steps to reproduce:
  ```
  openstack server create foo
  openstack server lock foo
  openstack port delete {id of the port of the instance}
  ```
  
- I was able to reproduce it on nova 17.0.12, but newer versions may be
- affected too.
+ Expected behavior: error message, rejecting to delete port, used by
+ locked instance.
+ 
+ Actual behavior: port is removed, leaving locked instance without
+ network.
+ 
+ 
+ I was able to reproduce it on nova 17.0.12, but newer versions may be affected too.

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1930866

Title:
  locked instance can be rendered broken by deleting port

Status in OpenStack Compute (nova):
  New

Bug description:
  'server lock' is indented to protect instance from simple mistakes
  (like removing the wrong instance, or shut-downing it). It does
  prevent shutdown, destruction and port detachment.

  But if port is removed via `openstack port delete` it silently get
  removed from locked instance, effectively, breaking it.

  Steps to reproduce:
  ```
  openstack server create foo
  openstack server lock foo
  openstack port delete {id of the port of the instance}
  ```

  Expected behavior: error message, rejecting to delete port, used by
  locked instance.

  Actual behavior: port is removed, leaving locked instance without
  network.

  
  I was able to reproduce it on nova 17.0.12, but newer versions may be affected too.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1930866/+subscriptions

Follow ups

[Bug 1930866] Re: locked instance can be rendered broken by deleting port
From: Artom Lifshitz, 2021-06-22