openstack
/
nova
Code Issues Proposed changes
OpenStack Compute (Nova)
50,061 Commits 9 Branches 84 Tags 1.6 GiB
Python 97.7%
Smarty 2.2%
Shell 0.1%
Go to file
Matt Riedemann 7bcd581c78 Add policy rule to block image-backed servers with 0 root disk flavor 
This adds a new policy rule which defaults to behave in a
backward compatible way, but will allow operators to enforce
that servers created with a zero disk flavor must also be
volume-backed servers.

Allowing users to upload their own images and create image-backed
servers on local disk with zero root disk size flavors can be
potentially hazardous if the size of the image is unexpectedly
large, since it can consume the local disk (or shared storage pool).

It should be noted that disabling the new policy rule will
result in a non-backward compatible API behavior change and no
microversion is being introduced for this because enforcement via
a new microversion would not close the security gap on any previous
microversions.

Related compute API reference and user documentation is updated
to mention the policy rule along with a release note since
this is tied to a security bug, which will be backported to stable
branches.

Conflicts:
      nova/policies/servers.py
      nova/tests/unit/test_policy.py

NOTE(mriedem): The conflict is due to not having change
Iedd3fea0e86648fae364f075915555dcb2c4f199 in Queens for trusted
certs.

Change-Id: Id67e1285a0522474844de130c9263e11868f67fb
Closes-Bug: #1739646
(cherry picked from commit 763fd62464)
 		2018-06-18 13:51:41 -04:00
api-guide/source Merge "Update links in documents" 2018-02-08 01:29:29 +00:00
api-ref/source Add policy rule to block image-backed servers with 0 root disk flavor 2018-06-18 13:51:41 -04:00
contrib trivial: Remove "vif" script 2017-08-07 16:00:10 +01:00
devstack Blacklist test_extend_attached_volume from cells v1 job 2017-10-05 17:31:05 -04:00
doc Add policy rule to block image-backed servers with 0 root disk flavor 2018-06-18 13:51:41 -04:00
etc/nova Move remaining uses of parted to privsep. 2018-01-24 22:26:36 +00:00
gate move gate hooks to gate/ 2017-01-04 11:05:16 +00:00
nova Add policy rule to block image-backed servers with 0 root disk flavor 2018-06-18 13:51:41 -04:00
placement-api-ref/source Merge "placement doc: Conflict caveat for DELETE APIs" 2018-02-07 13:33:29 +00:00
playbooks/legacy Migrate tempest-dsvm-multinode-live-migration job in-tree 2018-05-10 14:51:01 +00:00
releasenotes Add policy rule to block image-backed servers with 0 root disk flavor 2018-06-18 13:51:41 -04:00
tools Finish stestr migration 2017-11-24 16:51:12 -05:00
.coveragerc Remove nova/openstack/* from .coveragerc 2016-10-12 16:20:49 -04:00
.gitignore Fix test runner config issues with os-testr 1.0.0 2017-09-13 17:11:57 -04:00
.gitreview Update .gitreview for stable/queens 2018-02-09 07:15:06 +00:00
.mailmap Add mailmap entry 2014-05-07 12:14:26 -07:00
.stestr.conf Finish stestr migration 2017-11-24 16:51:12 -05:00
.zuul.yaml Migrate tempest-dsvm-multinode-live-migration job in-tree 2018-05-10 14:51:01 +00:00
CONTRIBUTING.rst Update links in documents 2018-01-12 17:05:11 +08:00
HACKING.rst doc: fix link to creating unit tests in contributor guide 2017-11-14 11:22:43 -05:00
LICENSE initial commit 2010-05-27 23:05:26 -07:00
MAINTAINERS Fix broken URLs 2017-09-07 15:42:31 +02:00
README.rst doc: Rework README to reflect new doc URLs 2017-08-03 16:06:08 -04:00
babel.cfg Get rid of distutils.extra. 2012-02-08 19:30:39 -08:00
bindep.txt Bindep does not catch missing libpcre3-dev on Ubuntu 2018-02-13 16:53:16 -05:00
requirements.txt Updated from global requirements 2018-02-01 07:20:35 +00:00
setup.cfg Deprecate the IronicHostManager 2017-11-28 15:23:48 -05:00
setup.py Updated from global requirements 2017-03-02 11:50:48 +00:00
test-requirements.txt Implement get_traits() for the ironic virt driver 2018-01-30 20:45:27 -05:00
tests-py3.txt Skip unit tests for SSL + py3 2017-03-02 14:30:16 +08:00
tox.ini Update UPPER_CONSTRAINTS_FILE for stable/queens 2018-02-09 07:15:13 +00:00

README.rst

Team and repository tags

image

OpenStack Nova

OpenStack Nova provides a cloud computing fabric controller, supporting a wide variety of compute technologies, including: libvirt (KVM, Xen, LXC and more), Hyper-V, VMware, XenServer, OpenStack Ironic and PowerVM.

Use the following resources to learn more.

API

To learn how to use Nova's API, consult the documentation available online at:

For more information on OpenStack APIs, SDKs and CLIs in general, refer to:

Operators

To learn how to deploy and configure OpenStack Nova, consult the documentation available online at:

In the unfortunate event that bugs are discovered, they should be reported to the appropriate bug tracker. If you obtained the software from a 3rd party operating system vendor, it is often wise to use their own bug tracker for reporting problems. In all other cases use the master OpenStack bug tracker, available at:

Developers

For information on how to contribute to Nova, please see the contents of the CONTRIBUTING.rst.

Any new code must follow the development guidelines detailed in the HACKING.rst file, and pass all unit tests.

Further developer focused documentation is available at:

Other Information

During each Summit and Project Team Gathering, we agree on what the whole community wants to focus on for the upcoming release. The plans for nova can be found at: