[ovirt-devel] [proposal] deprecate VDSM ping in favor of ping2 and confirmConnectivity

Tue Aug 8 06:29:44 UTC 2017

On Mon, Aug 7, 2017 at 5:26 PM, Roy Golan <rgolan at redhat.com> wrote:

> Still someone could call conirmConnectivity, no? so the state isn't
> guarded from localhost tinkering anyhow. If you really need a solution you
> can acuire a token for this operation by setupNetworks, and confirm
> connectivity with this token passed back.
>

At this stage, the problem is not focus on security. If the usage is wrong
it will indeed break things, attacking that will require some more advance
means (but I am not sure we need it in a close system).

> I'm not sure about the severity of the problem here, I'll let other reply,
> but I'm against this kind of solution.
>
>
>
> On Mon, 7 Aug 2017 at 15:32 Petr Horacek <phoracek at redhat.com> wrote:
>
>> Hello,
>>
>> current VDSM ping verb has a problem - it confirms network
>> connectivity as a side-effect. After Engine calls setupNetwork it
>> pings VDSM host to confirm that external network connectivity is not
>> broken. This prohibits other users to call ping from localhost since
>> it would confirm connectivity even though networking could be broken.
>>
>> In order to fix this problem ping should be split to ping2 (which just
>> returns Success with no side-effect) and confirmConnectivity. Change
>> on VDSM side was introduced in [1], we still need to expose new verbs
>> in Engine.
>>
>> Regards,
>> Petr
>>
>> [1] https://gerrit.ovirt.org/#/c/80119/
>> _______________________________________________
>> Devel mailing list
>> Devel at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/devel
>>
>
> _______________________________________________
> Devel mailing list
> Devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/devel/attachments/20170808/fd54ed50/attachment.html>