[Bug 1546728] Re: [MIR] aodh

Seth Arnold 1546728 at bugs.launchpad.net
Wed Apr 20 05:18:53 UTC 2016


I reviewed aodh version 2.0.0-0ubuntu1 as checked into xenial. This
shouldn't be considered a full security audit but rather a quick gauge of
maintainability.

- aodh provides configurable 'alarms' based on ceilometer measurements of
  openstack, with a goal towards automatic cloud control
- can store data to hbase, mongodb, postgresql, mysql/mariadb/etc
- can call http apis for triggers
- publishes an http api for configuration
- Build-Depends: debhelper, dh-python, dh-systemd, openstack-pkg-tools,
  python-all, python-pbr, python-setuptools, python-sphinx,
- Build-Depends-Indep: alembic, mongodb, python-babel,
  python-ceilometerclient, python-coverage, python-croniter,
  python-fixtures, python-gabbi, python-gnocchiclient, python-hacking,
  python-happybase, python-jsonschema, python-keystoneclient,
  python-keystonemiddleware, python-lxml, python-mock, python-oslo.config,
  python-oslo.context, python-oslo.db, python-oslo.i18n, python-oslo.log,
  python-oslo.messaging, python-oslo.middleware, python-oslo.policy,
  python-oslo.serialization, python-oslo.service, python-oslo.utils,
  python-oslosphinx, python-oslotest, python-pastedeploy, python-pecan,
  python-psycopg2, python-pymongo, python-pymysql, python-requests,
  python-retrying, python-six, python-sphinxcontrib-pecanwsme,
  python-sphinxcontrib.httpdomain, python-sqlalchemy, python-stevedore,
  python-tempest-lib, python-testtools, python-tooz, python-tz,
  python-webob, python-werkzeug, python-wsme, subunit, testrepository,
- No cryptography
- Networking done via wsgi, urllib3, werkzeug.serving
- most pre/post inst/rm scripts clean up most actions; it appears the aodh
  user and group are left on the system after purge
- No dbus services
- No setuid
- aodh-dbsync, aodh-notifier, aodh-evaluator, aodh-expirer, aodh-listener,
  aodh-api binaries in /usr/bin
- No sudo fragments
- No udev rules
- Large set of tests but with the amount of mocking in place and the
  highly dynamic nature of the service I'd be surprised if it's really
  helpful

- No subprocesses spawned
- No file io
- One logging function lacked "%s"
- No environment variable use
- No privileged operations
- No cryptography
- No low-level networking; wsgi, http client via libraries
- Some privileged portions of code to select between tenant vs all alarms,
  looked deliberate and careful
- No temporary files
- No webkit
- No policykit

I didn't get to spend as much time reading this code as I would have liked
but a shallow inspection looked like it was developed with care.

I'd suggest careful and thoughtful use of such automation -- reaching
homeostasis is tricky. Systems that use hysteresis are more likely to be
chaotic at the least convenient times. (Based on a firm belief in the
wisdom of Murphy's Law.)

I only noticed one bug while reviewing the code:

- ./aodh/evaluator/composite.py evaluate() has potentially unsafe logging
  call:
  LOG.debug(reason)

This may only be a denial of service vector at the worst.
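To make the flagged pattern concrete, here is an added example (not code from aodh or from the reviewer) contrasting `LOG.debug(reason)` with the `LOG.debug("%s", reason)` form. The `SAMPLE_REASON` string, the logger names and the capturing handler are constructed for the demonstration; the stdlib `logging` module behaves as shown because `LogRecord.getMessage()` only applies `msg % args` when args are present, which is why the bare call survives today and why the fix matters as soon as anyone adds an argument.

```python
import logging

# Constructed sample: a composite-alarm "reason" string as an evaluator might
# assemble it from rule names and values an API user chooses. It is not taken
# from the aodh code base. Note the bare '%' inside the data.
SAMPLE_REASON = "Composite rule 'cpu_hot': cpu_util at 100% for 3 of 3 periods"


class CapturingHandler(logging.Handler):
    """Collects rendered lines and counts formatting failures, instead of the
    stdlib default of printing a traceback to stderr and dropping the line."""

    def __init__(self):
        super().__init__(level=logging.DEBUG)
        self.lines = []
        self.errors = 0

    def emit(self, record):
        try:
            # getMessage() is where '%' interpolation happens: msg % args
            self.lines.append(record.getMessage())
        except (TypeError, ValueError):
            self.errors += 1


def _fresh_logger(name):
    """Isolated DEBUG-level logger that writes only to a CapturingHandler."""
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    handler = CapturingHandler()
    logger.addHandler(handler)
    return logger, handler


def log_reason_unsafe(reason, *args):
    """The pattern flagged in the review: LOG.debug(reason). The data string
    becomes the printf-style template. With no args the stdlib skips
    interpolation, so the line survives; once any argument is passed, every
    '%' in the data is interpreted and the record is lost."""
    logger, handler = _fresh_logger("example.unsafe")
    logger.debug(reason, *args)
    return handler.lines, handler.errors


def log_reason_safe(reason):
    """Hardened form: LOG.debug("%s", reason). The template is a constant in
    the code and the data is an argument, so any '%' it contains is rendered
    verbatim regardless of content."""
    logger, handler = _fresh_logger("example.safe")
    logger.debug("%s", reason)
    return handler.lines, handler.errors


if __name__ == "__main__":
    print(log_reason_unsafe(SAMPLE_REASON))           # ([SAMPLE_REASON], 0)
    print(log_reason_unsafe(SAMPLE_REASON, "extra"))  # ([], 1): line dropped
    print(log_reason_safe(SAMPLE_REASON))             # ([SAMPLE_REASON], 0)
```

The third call shows the failure mode the review alludes to: with an argument present, `"100% for"` is parsed as a `% f` conversion, the interpolation raises, and the log line is silently lost (by default `logging` also writes a traceback to stderr on every such record). The safe form renders the same data unchanged, which is the whole point of keeping untrusted text out of the template position.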

Security team ACK for promoting aodh to main.

Thanks


** Changed in: aodh (Ubuntu)
     Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to aodh in Ubuntu.
https://bugs.launchpad.net/bugs/1546728

Title:
  [MIR] aodh

Status in aodh package in Ubuntu:
  New

Bug description:
  [MIR] aodh

  [Availability]
  Currently in universe.

  [Rationale]
  Aodh is an OpenStack project that we're ready to support in main.  It contains the alarm functionality that was split from ceilometer during Mitaka.

  [Security]
  No security history.

  [Quality Assurance]
  Package works out of the box with no prompting. There are no major bugs in Ubuntu and there are no major bugs in Debian. Unit tests are run during build.

  [Dependencies]
  All are in main.

  [Standards Compliance]
  FHS and Debian Policy compliant.

  [Maintenance]
  This is a core openstack package that the OpenStack Team will take care of.

  [Background]
  Aodh's goal is to enable the ability to trigger actions based on defined rules against sample or event data collected by Ceilometer.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/aodh/+bug/1546728/+subscriptions
