lp:~smoser/nova/lp853330

Branch merges

Propose for merging

No branches dependent on this one.

Merged into lp:~hudson-openstack/nova/trunk at revision 1604

Soren Hansen (community): Approve on 2011-09-20

Vish Ishaya (community): Approve on 2011-09-20

Diff: 85 lines (+60/-1)

2 files modified

nova/virt/images.py (+59/-0)
nova/virt/libvirt/connection.py (+1/-1)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #837100: nova does not uncompress qcow compressed images	Wishlist	Fix Released
Bug #837102: nova writes libvirt xml 'driver_type' based only on FLAGS.use_cow_images	Low	Fix Released
Bug #853330: qcow format could expose host filesystem information	High	Fix Released

Link a bug report

Related blueprints

1601. By Scott Moser on 2011-09-20

Address Soren's comments:
 * clean up temp files if an ImageUnacceptable is going to be raised
   Note, a qemu-img execution error will not clean up the image, but I
   think thats reasonable. We leave the image on disk so the user can
   easily investigate.
 * Change final 2 arguments to fetch_to_raw to not start with an _
 * use 'env' utility to change environment variables LC_ALL and LANG so
   that qemu-img output parsing is not locale dependent.
   Note, I considered the following, but found using 'env' more readable
     out, err = utils.execute('sh', '-c', 'export LC_ALL=C LANG=C && exec "$@"',
         'qemu-img', 'info', path)

1600. By Scott Moser on 2011-09-20

merge with trunk r1601

1599. By Scott Moser on 2011-09-20

fix call to gettext

1598. By Scott Moser on 2011-09-20

fix syntax error in exception, remove "Dangerous!" comment

1597. By Scott Moser on 2011-09-19

use dictionary format for exception message

1596. By Scott Moser on 2011-09-19

use '_(' for exception messages

1595. By Scott Moser on 2011-09-19

convert images that are not 'raw' to 'raw' during caching to node

This uses 'qemu-img' to convert images that are not 'raw' to be 'raw'.
By doing so, it
 a.) refuses to run uploaded images that have a backing image reference
     (LP: #853330, CVE-2011-3147)
 b.) ensures that when FLAGS.use_cow_images is False, and the libvirt
     xml written specifies 'driver_type="raw"' that the disk referenced
     is also raw format. (LP: #837102)
 c.) removes compression that might be present to avoid cpu bottlenecks
     (LP: #837100)

It does have the negative side affect of using more space in the case where
the user uploaded a qcow2 (or other advanced image format) that could have
been used directly by the hypervisor. That could, later, be remedied by
another 'qemu-img convert' being done to the "preferred" format of the
hypervisor.

1594. By Jason Kölker on 2011-09-19

* Remove the foreign key and backrefs tying vif<->instance
* Update instance filtering to pass ip related filters to the network manager
* move/update tests

1593. By Vish Ishaya on 2011-09-19

Adds an optional flag to force dhcp releases on instance termination. This allows ips to be reused without having to wait for the lease to timeout.

1592. By Brian Waldon on 2011-09-19

Fixing case where OSAPI server create would return 500 on malformed body.