Reviewed: https://review.openstack.org/571245 Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=8c216608194c89d281e8d2b66abd1e50e2405b01 Submitter: Zuul Branch: master
commit 8c216608194c89d281e8d2b66abd1e50e2405b01 Author: Matt Riedemann <[email protected]> Date: Wed May 30 12:07:53 2018 -0400 Use instance project/user when creating RequestSpec during resize reschedule When rescheduling from a failed cold migrate / resize, the compute service does not pass the request spec back to conductor so we create one based on the in-scope variables. This introduces a problem for some scheduler filters like the AggregateMultiTenancyIsolation filter since it will create the RequestSpec using the project and user information from the current context, which for a cold migrate is the admin and might not be the owner of the instance (which could be in some other project). So the AggregateMultiTenancyIsolation filter might reject the request or select a host that fits an aggregate for the admin but not the end user. This fixes the problem by using the instance project/user information when constructing the RequestSpec which will take priority over the context in RequestSpec.from_components(). Long-term we need the compute service to pass the request spec back to the conductor during a reschedule, but we do this first since we can backport it. Change-Id: Iaaf7f68d6874fd5d6e737e7d2bc589ea4a048fee Closes-Bug: #1774205 ** Changed in: nova Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1774205 Title: AggregateMultiTenancyIsolation uses wrong tenant_id during cold migrate Status in OpenStack Compute (nova): Fix Released Status in OpenStack Compute (nova) ocata series: Triaged Status in OpenStack Compute (nova) pike series: New Status in OpenStack Compute (nova) queens series: New Bug description: The details are in this mailing list thread: http://lists.openstack.org/pipermail/openstack- operators/2018-May/015347.html But essentially the case is: * There are 3 compute hosts. * compute1 and compute2 are in a host aggregate and a given tenant is restricted to that aggregate * The user creates a server on compute1 * The admin attempts to cold migrate the server which fails in the AggregateMultiTenancyIsolation filter because it says the tenant_id in the request is not part of the matching host aggregate. The reason is because the cold migrate task in the conductor replaces the original request spec, which had the instance project_id in it, and uses the current context, which is the admin (which could be in a different project): https://github.com/openstack/nova/blob/stable/ocata/nova/conductor/tasks/migrate.py#L50 To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1774205/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
