[
https://issues.apache.org/jira/browse/CLOUDSTACK-5017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13811825#comment-13811825
]
ASF subversion and git services commented on CLOUDSTACK-5017:
-------------------------------------------------------------
Commit 24af28290ec3ea6a18c66544dbfd8678d6f7d19b in branch refs/heads/master
from [~minchen07]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=24af282 ]
CLOUDSTACK-5017: use LocalHostEndPoint in copying from S3 to cache store
during ssvm launch.
> If SSVM is unavailable DownloadCommands will be routed to mgmt server
> ---------------------------------------------------------------------
>
> Key: CLOUDSTACK-5017
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5017
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Storage Controller
> Affects Versions: 4.2.0
> Reporter: Darren Shepherd
> Assignee: Min Chen
> Priority: Blocker
> Fix For: 4.3.0
>
>
> If a SSVM in the zone is not available, meaning either it does not exist or
> the host entry is not Up or Connecting, DownloadCommand will get routed to
> LocalHostEndpoint. This is particularily dangerous in a NFS setup. If the
> mgmt server handles the DownloadCommand it has sudo access to mount NFS and
> perform the action. This mean the mgmt server is now in the data path, or
> worse, it could hang if it does not have network access to the NFS server.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
