[openstack-dev] [nova] Thoughs please on how to address a problem with mutliple deletes leading to a nova-compute thread pool problem

Chris Friesen chris.friesen at windriver.com
Mon Oct 28 19:02:45 UTC 2013


On 10/28/2013 12:01 PM, Joshua Harlow wrote:
> But there is a difference here that I think needs to be clear.
>
> Releasing the resources from nova (in the current way its done) means
> another individual can take those resources and that causes
> inconsistencies (bad for deployer).
>
> I think we talked about how we can make this better by putting the
> resources into a 'not-yet-deleted' state, where they can no be taken.
>
> But this has side-effects in itself that need to be thought out carefully,
> as those resources are potentially still 'active' so a malicious user will
> now have access to more resources than there quota allows (+1 for
> malicious user). And if the malicious user is especially malicious they
> can take advantage of the fact that all the deletes are going into the
> 'not-yet-deleted' state and they can the DOS your resources (in a way).

If the cloud operator's equipment is in a good state, the time spent in 
the "zombie" state should be minimal.

The issues only occur when there are problems on the hosting side, and 
hopefully that doesn't happen very often.

And maybe we get fancy and put a limit as to how much of a user's 
equipment can be in the "zombie" state at any given time.  If they start 
trying to game the system then they get throttled.

Chris



More information about the OpenStack-dev mailing list