[nova][neutron][ptg] Summary: Leaking resources when ports are deleted out-of-band
amotoki at gmail.com
Fri May 3 23:22:46 UTC 2019
On Fri, May 3, 2019 at 4:11 PM Matt Riedemann <mriedemos at gmail.com> wrote:
> On 5/3/2019 3:35 PM, Balázs Gibizer wrote:
> > 2) Matt had a point after the session that if Neutron enforces that
> > only unbound port can be deleted then not only Nova needs to be changed
> > to unbound a port before delete it, but possibly other Neutron
> > consumers (Octavia?).
> And potentially Zun, there might be others, Magnum, Heat, idk?
> Anyway, this is a thing that has been around forever which admins
> shouldn't do, do we need to prioritize making this change in both
> neutron and nova to make two requests to delete a bound port? Or is just
> logging the ERROR that you've leaked allocations, tsk tsk, enough? I
> tend to think the latter is fine until someone comes along saying this
> is really hurting them and they have a valid use case for deleting bound
> ports out of band from nova.
neutron deines a special role called "advsvc" for advanced network
I think we can change neutron to block deletion of bound ports for regular
allow users with "advsvc" role to delete bound ports.
I haven't checked which projects currently use "advsvc".
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openstack-discuss