A software bug in OpenNebula 5.12 can cause data loss

Date: 2021-Jan-04

A software issue in OpenNebula 5.12 can cause unintentional termination of virtual machines and data loss. This issue exists only in OpenNebula 5.12 EE and CE and does not affect 5.10 or earlier releases. We recommend checking the details before upgrading to release 5.12.X or if you are already running this version.

During our routine tests of the OpenNebula and its integration with the StorPool storage, we found a bug in the OpenNebula web interface that may cause unintentional deletion of virtual machines. The issue is registered in https://github.com/OpenNebula/one/issues/5209

The problem is in the new feature introduced in version 5.12, called VM charter (http://docs.opennebula.io/5.12/operation/vm_management/vm_instances.html#vm-charter) This feature allows scheduled action for virtual machines.

../_images/one_5_12_vm_charter_1.png ../_images/one_5_12_vm_charter_2.png

Because of a software bug, if this feature is activated on a virtual machine created more than 4 weeks ago, the actions will be triggered immediately, and the virtual machine will be terminated. Any non-persistent or volatile images used by the virtual machine will be immediately deleted without any option for recovery.

Another issue is that this function is activated with a single mouse click, without notification, and without requiring confirmation. This increases the risk of unintentional VM termination and data loss.

We recommend that until this issue is resolved, to disable this feature on all OpenNebula 5.12 deployments to avoid the risk of data loss.

To disable the feature, edit the configuration file /etc/one/sunstone-server.conf and comment the following definition:

#Disable the "leases" in the "charters" button

#:leases:
#  suspend:
#  time: "+1209600"
#  color: "#000000"
#  warning:
#    time: "-86400"
#    color: "#085aef"
#terminate:
#  time: "+1209600"
#  color: "#e1ef08"
#  warning:
#    time: "-86400"
#    color: "#ef2808"

To mitigate the issue, the latest release of the StorPool add-on includes a deferred image delete feature. This allows images that are deleted via OpenNebula to be manually recovered within 48 hours after the deletion.

If you are using OpenNebula 5.12 with StorPool, please contact StorPool support for the recommended actions.