Bug 1004398

Summary: glance: no size check when creating an image from http
Product: Red Hat OpenStack Reporter: Dafna Ron <dron>
Component: openstack-glanceAssignee: Flavio Percoco <fpercoco>
Status: CLOSED ERRATA QA Contact: Tzach Shefi <tshefi>
Severity: medium Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: abaron, ddomingo, eglynn, fpercoco, hateya, jruzicka, sradvan, yeylon
Target Milestone: rcKeywords: Triaged
Target Release: 4.0   
Hardware: x86_64   
OS: Linux   
Whiteboard: storage
Fixed In Version: openstack-glance-2013.2-3.el6ost Doc Type: Bug Fix
Doc Text:
Cause: Glance didn't do any size verification on image-creation Consequence: It was possible to create images with a smaller size value - using `--size` - than the real one. Fix: Glance API v1 now checks the size of the image being uploaded and raises an error if it doesn't match the image's size. Result: Glance images are verified upon creation and include improved error handling.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-20 00:23:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
log none

Description Dafna Ron 2013-09-04 14:30:09 UTC 
Created attachment 793715 [details]
log

Description of problem:

if we create an image from file and use the --size with a smaller than image size we fail: 

[root@opens-vdsb ~(keystone_admin)]# glance image-create --name rhevm_image --disk-format qcow2 --container-format bare --file /tmp/39f89a6a-7fbb-43c0-a5ea-19b271f51829 --size 1
Request returned failure status.
400 Bad Request
Supplied size (1) and size generated from uploaded image (1440612352) did not match. Setting image status to 'killed'.
    (HTTP 400)

but if we do the same for create image from http we succeed: 

[root@opens-vdsb ~(keystone_admin)]# glance image-create --name human --disk-format qcow2 --container-format bare --location http://download.eng.tlv.redhat.com/rel-eng/RHEL6.4-20130130.0/6/Appliance/rhel-server-x86_64-kvm-6.4_20130130.0-2-sda.qcow2  --human-readable --size 1
+------------------+--------------------------------------+
| Property         | Value                                |
+------------------+--------------------------------------+
| checksum         | None                                 |
| container_format | bare                                 |
| created_at       | 2013-09-04T14:18:05                  |
| deleted          | False                                |
| deleted_at       | None                                 |
| disk_format      | qcow2                                |
| id               | 55d45384-6b4b-40c6-b399-639b03c06c3b |
| is_public        | False                                |
| min_disk         | 0                                    |
| min_ram          | 0                                    |
| name             | human                                |
| owner            | ad326a6c11a742c6bfdf4ad63be0c889     |
| protected        | False                                |
| size             | 1B                                   |
| status           | active                               |
| updated_at       | 2013-09-04T14:18:05                  |
+------------------+--------------------------------------+
[root@opens-vdsb ~(keystone_admin)]# glance image-list
+--------------------------------------+-------------+-------------+------------------+------------+--------+
| ID                                   | Name        | Disk Format | Container Format | Size       | Status |
+--------------------------------------+-------------+-------------+------------------+------------+--------+
| dc79349e-de25-4ec5-8b12-5a6145270c47 |             | qcow2       | bare             | 1974140928 | active |
| 1433f462-0079-49dc-b6be-a7927c12be77 | check       | qcow2       | bare             | 1974140928 | active |
| 2ebab353-cfda-4666-949c-07af9735cb3f | check       | qcow2       | bare             | 1974140928 | active |
| 04791607-2a95-452b-be19-73537ee18ce5 | check       | qcow2       | bare             | 1974140928 | active |
| 208bf4d0-f760-4212-8cf5-dd3ab0015a7d | disk_size   | qcow2       | bare             | 1440612352 | active |
| 43421785-6fb0-4ef2-8068-7993072a7735 | file        | qcow2       | bare             | 1440612352 | active |
| fa336437-3795-4354-89fd-e913fcae3dc9 | human       | qcow2       | bare             | 1974140928 | active |
| 55d45384-6b4b-40c6-b399-639b03c06c3b | human       | qcow2       | bare             | 1          | active |
| 0c4bc71a-4fa0-4585-9af1-e49b06d57082 | just_copy   | qcow2       | bare             | 1974140928 | active |
| 9df487b3-6a71-48ff-a012-668324aae01f | not_public  | qcow2       | bare             | 1974140928 | active |
| e2e2fa1a-55b4-426a-a05b-9d9e70ffed72 | no_del      | qcow2       | bare             | 1974140928 | active |
| 05c9b5e2-3082-4ad3-8d03-faf74b61234c | rhel64      | qcow2       | bare             | 1974140928 | active |
| fbf238ee-8396-4da2-961b-613b7c4ed9ec | rhevm_image | qcow2       | bare             | 1440612352 | active |
| 405e09b9-ec54-45e0-8762-bd645405e11e | size        | qcow2       | bare             | 1974140928 | active |
| ec358c7a-6579-4cda-93a5-8e409fb6e7d9 | tenant      | qcow2       | bare             | 1974140928 | active |
| a32222e7-f879-41ab-b66b-5cad299b0b8d | test        | qcow2       | bare             | 31357907   | active |
| 9a611a39-b028-44dd-a8d0-027bbb3ce1eb | testttt     | qcow2       | bare             | 699592704  | active |
+--------------------------------------+-------------+-------------+------------------+------------+--------+


Version-Release number of selected component (if applicable):

openstack-glance-2013.1.3-1.el6ost.noarch

How reproducible:

100%

Steps to Reproduce:
1. create an image from file when the --size is smaller than the original image
2. create an image from http when the --size is smaller than the original image
3.

Actual results:

we fail when its a file and succeed when its http

Expected results:

we should fail for both 

Additional info:


https://bugs.launchpad.net/glance/+bug/1220744
Comment 3 Flavio Percoco 2013-09-09 09:02:15 UTC 
It looks like it could be possible to explicitly - letting the user know -- ignore --size when --location is used. 

It needs to be discussed upstream. As mentioned in the upstream bug, I'll bring this up in one of the next meetings.

Moving it to python-glanceclient for now since this change will affect the client instead.
Comment 7 Tzach Shefi 2013-12-02 12:56:43 UTC 
Bug fix verified, output as expected.

Image-create (with intentional small size limit), now fails both 
methods direct file as well as http uploads.

Versions used during verification: 
Red Hat Enterprise Linux Server release 6.5 (Santiago)
openstack-glance-2013.2-3.el6ost.noarch

Ouput:

Failed upload of local image file as source. 

[root@cougar01 iso(keystone_admin)]# glance image-create --name BZ_local_iso_image --disk-format qcow2 --container-format bare --file /tmp/iso/rhel-server-x86_64-kvm-6.4_20130130.0-2-sda.qcow2 --size 2
Request returned failure status.
HTTPInternalServerError (HTTP 500)


Failed upload of image http as source. 

[root@cougar01 iso(keystone_admin)]# glance image-create --name BZ_htto_image --disk-format qcow2 --container-format bare --location http://download.eng.tlv.redhat.com/rel-eng/RHEL6.4-20130130.0/6/Appliance/rhel-server-x86_64-kvm-6.4_20130130.0-2-sda.qcow2 --human-readable --size 2 
Request returned failure status.
409 Conflict
Provided image size must match the stored image size. (provided size: 2, stored size: 1974140928)
    (HTTP 409)
Comment 10 errata-xmlrpc 2013-12-20 00:23:28 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1859.html