The current logic is incorrect and is exposing the host PCI address in the
metadata, not the virtual guest address.
While one might think this is a security issue, it is not, as the host address is
already exposed to the end user via the neutron port profile. As such this does
not represent a new information disclosure; however, it defeats the purpose of
the device role tagging feature, as it is intended to allow users to easily map
between the virtual devices and the tag they assigned to the logical neutron
port.

I am triaging this as medium as it is a valid issue and is already in
progress.

** Changed in: nova
   Importance: Undecided => Medium

** Also affects: nova/queens
   Importance: Undecided
       Status: New

** Also affects: nova/train
   Importance: Undecided
       Status: New

** Also affects: nova/ussuri
   Importance: Medium
     Assignee: Artom Lifshitz (notartom)
       Status: In Progress

** Also affects: nova/rocky
   Importance: Undecided
       Status: New

** Also affects: nova/stein
   Importance: Undecided
       Status: New

** Changed in: nova/rocky
   Importance: Undecided => Medium

** Changed in: nova/rocky
       Status: New => Triaged

** Changed in: nova/queens
   Importance: Undecided => Medium

** Changed in: nova/queens
       Status: New => Triaged

** Changed in: nova/stein
   Importance: Undecided => Medium

** Changed in: nova/stein
       Status: New => Triaged

** Changed in: nova/train
   Importance: Undecided => Medium

** Changed in: nova/train
       Status: New => Triaged

** Tags added: metadata neutron

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1836389

Title:
  Device role tagging doesn't work for SRIOV PF

Status in OpenStack Compute (nova):
  In Progress
Status in OpenStack Compute (nova) queens series:
  Triaged
Status in OpenStack Compute (nova) rocky series:
  Triaged
Status in OpenStack Compute (nova) stein series:
  Triaged
Status in OpenStack Compute (nova) train series:
  Triaged
Status in OpenStack Compute (nova) ussuri series:
  In Progress

Bug description:
  Description
  ===========

  Setting a device role tag on a PF interface has no effect on metadata
  - IOW, the PF and its tag don't appear in the device metadata at
  all.

  Steps to reproduce
  ==================

  1. Create a PF port:

    openstack port show 6dd3b82f-ce2f-44dd-acd0-62b922a7281a
    <snip>
    | binding_host_id | computeovsdpdk-0.localdomain
    | binding_profile | pci_slot='0000:86:00.0', pci_vendor_info='8086:1572', physical_network='east'
    <snip>

  2. Boot a VM with that PF, with a device role tag:

     nova boot TRex --flavor vnfc --image testpmd \
       --nic net-id=8fe3eb35-4eb4-4a9a-9eaf-b97708fef451,tag=mgmt \
       --config-drive True --key-name undercloud \
       --nic port-id=6dd3b82f-ce2f-44dd-acd0-62b922a7281a,tag=east 

  3. SSH into the VM and look at the device metadata:

    [root@trex ~]# mount /dev/cdrom /mnt/
    mount: /dev/sr0 is write-protected, mounting read-only
    [root@trex ~]# cd /mnt/openstack/latest/
    [root@trex latest]# jq . meta_data.json 

  Expected result
  ===============

  Both tagged network devices to appear in the metadata.

  Actual result
  =============

  Only the "mgmt" NIC appears in the metadata, the "east" PF is missing:

    "devices": [
      {
        "bus": "pci",
        "mac": "fa:16:3e:21:8a:d7",
        "tags": [
          "mgmt"
        ],
        "type": "nic",
        "address": "0000:00:03.0"
      }
    ],

  Environment
  ===========

  Originally reported on OSP13/Queens [1].

  [1] https://bugzilla.redhat.com/show_bug.cgi?id=1724999

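Added example, not part of the original bug report or of nova's code: a guest-side check for the two failure modes discussed in this thread, a tagged device missing from the config-drive metadata and a tagged device whose address is not a PCI address the guest can see. The second sample device entry, its MAC, and the fallback guest address set are constructed for illustration; the function names are hypothetical.

```python
import json
import os

# Constructed sample shaped like the "devices" list in the report. The second
# entry is hypothetical: it carries the host pci_slot from the port profile.
SAMPLE_META = json.loads("""
{"devices": [
  {"bus": "pci", "mac": "fa:16:3e:21:8a:d7", "tags": ["mgmt"],
   "type": "nic", "address": "0000:00:03.0"},
  {"bus": "pci", "mac": "fa:16:3e:00:00:01", "tags": ["east"],
   "type": "nic", "address": "0000:86:00.0"}
]}
""")


def guest_pci_addresses(sysfs="/sys/bus/pci/devices"):
    """PCI addresses the guest kernel enumerates (empty set if no sysfs)."""
    return set(os.listdir(sysfs)) if os.path.isdir(sysfs) else set()


def check_device_tags(meta, expected_tags, guest_addrs):
    """Return (missing_tags, unmapped) for the device metadata.

    missing_tags: requested tags with no device entry at all.
    unmapped: (tag, address) pairs whose PCI address is not a guest device,
              so the tag cannot be mapped to a virtual device.
    """
    seen, unmapped = set(), []
    for dev in meta.get("devices", []):
        tags = dev.get("tags", [])
        seen.update(tags)
        addr = dev.get("address", "").lower()
        if dev.get("bus") == "pci" and addr not in guest_addrs:
            unmapped.extend((tag, addr) for tag in tags)
    return sorted(set(expected_tags) - seen), unmapped


if __name__ == "__main__":
    path = "/mnt/openstack/latest/meta_data.json"
    if os.path.exists(path):
        with open(path) as fh:
            meta = json.load(fh)
    else:
        meta = SAMPLE_META  # constructed fallback so the script runs anywhere
    # Constructed fallback addresses for hosts without PCI sysfs entries.
    addrs = guest_pci_addresses() or {"0000:00:03.0", "0000:00:04.0"}
    missing, unmapped = check_device_tags(meta, ["mgmt", "east"], addrs)
    print("missing tags:", missing)
    print("tags with non-guest PCI address:", unmapped)
```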