openstack/nova
Code Issues Proposed changes
OpenStack Compute (Nova)
54,007 Commits 10 Branches 95 Tags 1.6 GiB
Python 97.7%
Smarty 2.2%
Shell 0.1%
f394703f7e
Go to file
Kashyap Chamarthy f394703f7e Document mitigation for Intel MDS security flaws 
In May 2019, four new microprocessor security flaws, known as "MDS"
(Microarchitectural Data Sampling) have been discovered.  These flaws
affect unpatched Nova Compute nodes and instances running on Intel
x86_64 CPUs.  The said security flaws are also referred to as "RIDL"
(Rogue In-Flight Data Load) and "Fallout".

Refer to the following pages for further details:

 - https://access.redhat.com/security/vulnerabilities/mds
 - https://mdsattacks.com/
 - https://zombieloadattack.com/

            * * *

If we're adding the guide for "MDS" flaws, then it begs the
question: "What about mitigation guides for previous vulnerabilities?"

Two points:

(a) Write the mitigation document for rest of the previous
    vulnerabilities too, for completeness' sake. (In April 2018 I wrote
    this doc[1] for Meltdown — polish it and submit it. Parts of that
    document's content is already incorporated into the help text for
    the config attribute `cpu_model_extra_flags`.)

(b) For now, we can live with the cliché, "something is better than
    nothing"; we'll add the other docs "when we get to it".  Meanwhile,
    operators get mitigation details from various other places —
    processor vendors, Linux distributions, etc.

[1] https://kashyapc.fedorapeople.org/Reducing-OpenStack-Guest-Perf-Impact-from-Meltdown.txt

Change-Id: I1bb472c3438cc9a91945999d2350b2c59fa6a1f3
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
2019-06-05 15:55:24 +00:00
api-guide/source Documentation for bandwidth support 2019-03-18 11:24:56 +01:00
api-ref/source Remove '/os-cells' REST APIs 2019-04-16 18:26:13 +01:00
devstack Merge "Remove cells v1 jobs" 2019-04-15 20:16:15 +00:00
doc Document mitigation for Intel MDS security flaws 2019-06-05 15:55:24 +00:00
etc/nova Add oslo.privsep to config-generator list 2019-03-01 16:43:21 +00:00
gate Pass --nic when creating servers in evacuate integration test script 2019-04-01 09:58:01 -04:00
nova Merge "Delete require_instance_exists_using_uuid" 2019-04-26 08:28:39 +00:00
playbooks/legacy OpenDev Migration Patch 2019-04-19 19:45:52 +00:00
releasenotes Remove 'nova-manage cell' commands 2019-04-16 18:26:17 +01:00
tools Make Xen code py3-compatible 2018-08-10 20:04:19 +00:00
.coveragerc Remove nova/openstack/* from .coveragerc 2016-10-12 16:20:49 -04:00
.gitignore Remove Placement API reference 2018-11-28 03:38:41 +00:00
.gitreview OpenDev Migration Patch 2019-04-19 19:45:52 +00:00
.mailmap Add mailmap entry 2014-05-07 12:14:26 -07:00
.stestr.conf Finish stestr migration 2017-11-24 16:51:12 -05:00
.zuul.yaml Don't run tempest/devstack jobs on nova/test.py only changes 2019-04-25 10:29:45 -04:00
babel.cfg Get rid of distutils.extra. 2012-02-08 19:30:39 -08:00
bindep.txt Merge "Bindep does not catch missing libpcre3-dev on Ubuntu" 2018-02-14 07:31:09 +00:00
CONTRIBUTING.rst Update links in documents 2018-01-12 17:05:11 +08:00
HACKING.rst Hacking N362: Don't abbrev/alias privsep import 2019-04-04 20:42:43 +00:00
LICENSE initial commit 2010-05-27 23:05:26 -07:00
lower-constraints.txt Bump to hacking 1.1.0 2019-04-12 16:23:49 +01:00
MAINTAINERS Fix broken URLs 2017-09-07 15:42:31 +02:00
README.rst Docs: modernise links 2018-03-24 20:27:11 +08:00
requirements.txt Uncap jsonschema 2019-04-12 10:14:18 +10:00
setup.cfg Merge "Remove 'nova-cells' service" 2019-04-16 08:25:34 +00:00
setup.py Updated from global requirements 2017-03-02 11:50:48 +00:00
test-requirements.txt Bump to hacking 1.1.0 2019-04-12 16:23:49 +01:00
tox.ini Merge "Bump to hacking 1.1.0" 2019-04-16 08:25:27 +00:00

README.rst

Team and repository tags

image

OpenStack Nova

OpenStack Nova provides a cloud computing fabric controller, supporting a wide variety of compute technologies, including: libvirt (KVM, Xen, LXC and more), Hyper-V, VMware, XenServer, OpenStack Ironic and PowerVM.

Use the following resources to learn more.

API

To learn how to use Nova's API, consult the documentation available online at:

For more information on OpenStack APIs, SDKs and CLIs in general, refer to:

Operators

To learn how to deploy and configure OpenStack Nova, consult the documentation available online at:

In the unfortunate event that bugs are discovered, they should be reported to the appropriate bug tracker. If you obtained the software from a 3rd party operating system vendor, it is often wise to use their own bug tracker for reporting problems. In all other cases use the master OpenStack bug tracker, available at:

Developers

For information on how to contribute to Nova, please see the contents of the CONTRIBUTING.rst.

Any new code must follow the development guidelines detailed in the HACKING.rst file, and pass all unit tests.

Further developer focused documentation is available at:

Other Information

During each Summit and Project Team Gathering, we agree on what the whole community wants to focus on for the upcoming release. The plans for nova can be found at: