Added OSSA bug task, set to incomplete until confirmed by a core developer. Even then I suspect we might issue an OSSN instead of an OSSA for this.
Thoughts?

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1316822

Title:
  soft reboot of instance does not ensure iptables rules are present

Status in OpenStack Compute (Nova):
  New
Status in OpenStack Security Advisories:
  Incomplete

Bug description:
  The iptables rules needed to implement instance security group rules get inserted by the "_create_domain_and_network" function in nova/virt/libvirt/driver.py.

  This function is called by the following functions: _hard_reboot, resume and spawn (also in a couple of migration-related functions).

  Doing "nova reboot <instance_id>" only does a soft reboot (_soft_reboot) and assumes that the rules are already present, and therefore does not check or try to add them.

  If the instance is stopped (nova stop <instance_id>) and nova-compute is restarted (for example for maintenance or a problem), the iptables rules are removed, as observed via the output displayed by iptables -S. If the instance is started via nova reboot <instance_id>, the rule is NOT reapplied until a service nova-compute restart is issued. I have reports that this may affect "nova start <instance_id>" as well.

  Depending on whether the Cloud is public facing, this opens up a potentially huge security vulnerability, as an instance can be powered on without being protected by any security group rules (not even the sg-fallback rule). This is unbeknownst to the instance owner or Cloud operators unless they specifically monitor for this situation.

  The code should not do a soft reboot/start, and should error out or fall back to a resume (start) or hard reboot if it detects that the domain is not running.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1316822/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp
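The report describes two things an operator can act on: detecting that an instance's security-group chains have vanished from iptables, and refusing a soft reboot when the domain is not running or its rules are missing. The Python below is an added example written for this page, not Nova's own code. It assumes the chain names the libvirt iptables firewall driver uses (nova-compute-local, nova-compute-inst-<id>, nova-compute-sg-fallback); check them against `iptables -S` on your compute node before relying on them. The two `iptables -S` samples are constructed to mirror the healthy and post-restart states the reporter describes.

```python
"""Detect missing per-instance security-group chains and choose a safe reboot.

Added example, not Nova code. Chain naming (nova-compute-local,
nova-compute-inst-<id>, nova-compute-sg-fallback) is an assumption drawn
from the libvirt iptables firewall driver; verify it on your own node.
"""
import subprocess

BINARY = "nova-compute"

# Constructed sample: `iptables -S` on a healthy compute node hosting instance 42.
HEALTHY_RULES = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N nova-compute-FORWARD
-N nova-compute-inst-42
-N nova-compute-local
-N nova-compute-provider
-N nova-compute-sg-fallback
-A FORWARD -j nova-compute-FORWARD
-A nova-compute-FORWARD -j nova-compute-local
-A nova-compute-local -d 10.0.0.5/32 -j nova-compute-inst-42
-A nova-compute-inst-42 -m state --state INVALID -j DROP
-A nova-compute-inst-42 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-42 -j nova-compute-provider
-A nova-compute-inst-42 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-42 -j nova-compute-sg-fallback
-A nova-compute-sg-fallback -j DROP
"""

# Constructed sample: same node after nova-compute restarted while instance 42
# was stopped. The per-instance chain and the jump to it are gone.
STALE_RULES = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N nova-compute-FORWARD
-N nova-compute-local
-N nova-compute-provider
-N nova-compute-sg-fallback
-A FORWARD -j nova-compute-FORWARD
-A nova-compute-FORWARD -j nova-compute-local
-A nova-compute-sg-fallback -j DROP
"""


def instance_chain_status(iptables_s: str, instance_id: int, binary: str = BINARY) -> dict:
    """Report whether the instance's chain exists, is reachable, and ends in sg-fallback."""
    chain = f"{binary}-inst-{instance_id}"
    local = f"{binary}-local"
    lines = [line.strip() for line in iptables_s.splitlines() if line.strip()]
    # Exact match so inst-42 does not also satisfy a check for inst-4.
    chain_defined = f"-N {chain}" in lines
    # Traffic only reaches the chain if nova-compute-local jumps to it.
    jumped_from_local = any(
        line.startswith(f"-A {local} ") and line.endswith(f" -j {chain}") for line in lines
    )
    # The last rule of a healthy per-instance chain is the jump to sg-fallback.
    fallback_present = f"-A {chain} -j {binary}-sg-fallback" in lines
    return {
        "chain_defined": chain_defined,
        "jumped_from_local": jumped_from_local,
        "fallback_present": fallback_present,
    }


def is_protected(iptables_s: str, instance_id: int) -> bool:
    """True only when the chain exists, is wired in, and falls back to drop."""
    return all(instance_chain_status(iptables_s, instance_id).values())


def choose_reboot(domain_running: bool, rules_present: bool, requested: str = "SOFT") -> str:
    """Apply the report's proposal: soft reboot only when it is actually safe.

    A hard reboot goes through _create_domain_and_network, which reinstalls the
    rules; a soft reboot assumes they are already there.
    """
    if requested == "HARD" or not domain_running or not rules_present:
        return "HARD"
    return "SOFT"


def live_check(instance_id: int) -> bool:
    """Run the check against the real ruleset (requires root or CAP_NET_ADMIN)."""
    out = subprocess.run(["iptables", "-S"], capture_output=True, text=True, check=True).stdout
    return is_protected(out, instance_id)


if __name__ == "__main__":
    print("healthy:", instance_chain_status(HEALTHY_RULES, 42))
    print("stale:  ", instance_chain_status(STALE_RULES, 42))
    print("reboot after stop+restart:", choose_reboot(domain_running=False, rules_present=False))
```

Run `live_check(<id>)` from a cron job or a monitoring agent on each compute node and alert when it returns False for a running instance; that is the monitoring the reporter notes is otherwise absent. The `choose_reboot` logic is the decision the report asks the driver to make, expressed outside Nova so it can be reasoned about in isolation.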