unnecessary dep: nova-api -> nova-cert
Bug #965356 reported by
Soren Hansen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nova (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
nova-cert and nova-api don't need to run on the same machine.
In fact, doing so means you keep certificates on a publically exposed system, which is never a good idea.
Furthermore, there's no guarantee at all that reqeusts from nova-api to nova-cert will reach the cert server on the same host as it goes through the message queue, so if you have N nova-api servers, only one in every N requests to the cert service from nova-api will work.
If there's some reason these need to reside on the same system, that's a bug that should be filed against Nova. I know of no such bug.
Related branches
lp://qastaging/~openstack-ubuntu-testing/nova/precise-essex-proposed
- Chuck Short: Pending requested
-
Diff: 56 lines (+14/-4)3 files modifieddebian/changelog (+8/-0)
debian/control (+6/-3)
debian/nova-console.install (+0/-1)
CVE References
Changed in nova (Ubuntu): | |
status: | New → Confirmed |
To post a comment you must log in.
This bug was fixed in the package nova - 2012.1~rc2-0ubuntu1
--------------- rc2-0ubuntu1) precise; urgency=low
nova (2012.1~
[ Adam Gandelman ] nova-common. postinst: Clean up spacing, remove redundant chown, nova-compute- {kvm, lxc, uml, xen}.postinst: Set proper permissions nova-compute. conf (LP: #861459) nova-common. postinst: Ensure default nova.sqlite database is not {install, postinst}}: Install api-paste.ini 0600 {nova-common. nova-manage. logrotate, network. nova-dhcpbridge .logrotate, rules}: Add lograte files, dh_installlogro tate. (LP: #942646) api-os- {volume, compute}, nova-rootwrap. Use sphinx built manpage manpages) nova-compute- {kvm, xen, uml, qemu}.postinst: Remove calls to postsinst in a
* debian/control: Remove unncessary nova-cert dependency from nova-api.
(LP: #965356)
* debian/
set blanket 0700 nova.nova permissions on /etc/nova/
* debian/
on /etc/nova/
* debian/
world-readable.
* debian/{rules, nova-common.
with nova-common (in prepartion for proper nova-api-* package separation)
* debian/
nova-
override_
* Add manpage stubs for nova-api-ec2, nova-api-metadata,
nova-
for nova-manage (nova-common.
* debian/
adduser since this is already handled from nova-compute.
vendor neutral way. Silences lintian errors regarding adduser dependency
[ Chuck Short ] patches/ libvirt- use-console- pipe.patch: Dropped. patches/ nova-console- monitor. patch: Add console-monitor patches/ fix-ubuntu- tests.patch: Fix nova testsuite. patches/ validate_ server_ name_length. patch: Dropped no longer patches/ fix-docs- build-without- network. patch: Some docs need patches/ 0001-fix- useexisting- deprecation- warnings. patch:
* New upstream version.
* debian/
* debian/
option.
* debian/nova.conf: Enable use_console_monitor
* debian/
* debian/rules: fail package build if testsuite fails.
* debian/
needed.
* debian/
a network connection in order to build. Disable fetching docs from
the internet.
* debian/
Remove deprecated warnings with sqlalchemy.
[ Tyler Hicks ] patches/ validate_ server_ name_length. patch: Limit server names
* SECURITY UPDATE: Denial of service via resource exhaustion in nova-api
(LP: #968411)
- debian/
to a maximum of 255 characters to prevent nova-api log files from
exhausting storage space. Based on upstream patch.
- CVE-2012-1585
-- Chuck Short <email address hidden> Mon, 02 Apr 2012 11:17:33 -0400