Description of problem: the glance quota is very easy to bypass... if we create an image using --location we do not have a size check and the image is created. since we don't enforce the quota in image download we can than simply boot instances from it. Version-Release number of selected component (if applicable): openstack-glance-2013.2.1-3.el6ost.noarch How reproducible: 100% Steps to Reproduce: 1. change user_storage_quota = 2 in user_storage_quota = 2 2. create an image using --location from any iso. 3. boot an instance from the image Actual results: We succeed in creating the image and booting instances from it Expected results: we should either enforce the quota on image download or block using --location when quota is enabled. Additional info: [root@cougar07 ~(keystone_admin)]# vim /etc/glance/glance-api.conf [root@cougar07 ~(keystone_admin)]# [root@cougar07 ~(keystone_admin)]# [root@cougar07 ~(keystone_admin)]# /etc/init.d/openstack-glance-api restart Stopping openstack-glance-api: [ OK ] Starting openstack-glance-api: [ OK ] [root@cougar07 ~(keystone_admin)]# [root@cougar07 ~(keystone_admin)]# [root@cougar07 ~(keystone_admin)]# [root@cougar07 ~(keystone_admin)]# [root@cougar07 ~(keystone_admin)]# cat /etc/glance/glance-api.conf |grep user_storage_quota user_storage_quota = 2 [root@cougar07 ~(keystone_admin)]# [root@cougar07 ~(keystone_admin)]# [root@cougar07 ~(keystone_admin)]# (reverse-i-search)`c': cat /etc/glance/glance-api.^Cnf |grep user_storage_quota [root@cougar07 ~(keystone_admin)]# glance image-create --name dafna --disk-format qcow2 --container-format bare --location http://download.eng.tlv.redhat.com/pub/rhel/released/RHEL-6/6.4/Appliance/rhel-workstation-x86_64-ec2-starter-6.4_20130130.0-1-sda.raw +------------------+--------------------------------------+ | Property | Value | +------------------+--------------------------------------+ | checksum | None | | container_format | bare | | created_at | 2014-01-20T11:42:08 | | deleted | False | | deleted_at | None | | disk_format | qcow2 | | id | 52c81c50-3fac-45b0-bd3d-3c6e263b96f6 | | is_public | False | | min_disk | 0 | | min_ram | 0 | | name | dafna | | owner | d4aaa7c237054d408a65f40bb4ee74d0 | | protected | False | | size | 6442450945 | | status | active | | updated_at | 2014-01-20T11:42:08 | +------------------+--------------------------------------+ [root@cougar07 ~(keystone_admin)]# glance image-list +--------------------------------------+-------+-------------+------------------+------------+--------+ | ID | Name | Disk Format | Container Format | Size | Status | +--------------------------------------+-------+-------------+------------------+------------+--------+ | 52c81c50-3fac-45b0-bd3d-3c6e263b96f6 | dafna | qcow2 | bare | 6442450945 | active | +--------------------------------------+-------+-------------+------------------+------------+--------+ [root@cougar07 ~(keystone_admin)]# [root@cougar06 ~(keystone_admin)]# nova boot dafna --flavor 2 --image 52c81c50-3fac-45b0-bd3d-3c6e263b96f6 +--------------------------------------+--------------------------------------+ | Property | Value | +--------------------------------------+--------------------------------------+ | OS-EXT-STS:task_state | scheduling | | image | dafna | | OS-EXT-STS:vm_state | building | | OS-EXT-SRV-ATTR:instance_name | instance-0000000c | | OS-SRV-USG:launched_at | None | | flavor | m1.small | | id | 489ac8bb-336e-44db-a8bd-0fa2aba119fd | | security_groups | [{u'name': u'default'}] | | user_id | e6ee6034307247b78807be047bd10e76 | | OS-DCF:diskConfig | MANUAL | | accessIPv4 | | | accessIPv6 | | | progress | 0 | | OS-EXT-STS:power_state | 0 | | OS-EXT-AZ:availability_zone | nova | | config_drive | | | status | BUILD | | updated | 2014-01-20T11:44:21Z | | hostId | | | OS-EXT-SRV-ATTR:host | None | | OS-SRV-USG:terminated_at | None | | key_name | None | | OS-EXT-SRV-ATTR:hypervisor_hostname | None | | name | dafna | | adminPass | 47Q4iCZ2HTDg | | tenant_id | d4aaa7c237054d408a65f40bb4ee74d0 | | created | 2014-01-20T11:44:21Z | | os-extended-volumes:volumes_attached | [] | | metadata | {} | +--------------------------------------+--------------------------------------+ [root@cougar06 ~(keystone_admin)]# nova list +--------------------------------------+-------+--------+------------+-------------+--------------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+-------+--------+------------+-------------+--------------------------+ | 489ac8bb-336e-44db-a8bd-0fa2aba119fd | dafna | BUILD | spawning | NOSTATE | novanetwork=192.168.32.3 | | 33d603d5-30d4-471f-ae9d-494b7d0014b5 | vol | ACTIVE | None | Running | novanetwork=192.168.32.2 | +--------------------------------------+-------+--------+------------+-------------+--------------------------+ [root@cougar06 ~(keystone_admin)]# nova list +--------------------------------------+--------+--------+------------+-------------+--------------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+--------+--------+------------+-------------+--------------------------+ | b06dc972-7a1d-4ae6-a895-9eaf359090e4 | Dafna1 | ACTIVE | None | Running | novanetwork=192.168.32.4 | | 489ac8bb-336e-44db-a8bd-0fa2aba119fd | dafna | ACTIVE | None | Running | novanetwork=192.168.32.3 | | 33d603d5-30d4-471f-ae9d-494b7d0014b5 | vol | ACTIVE | None | Running | novanetwork=192.168.32.2 | +--------------------------------------+--------+--------+------------+-------------+--------------------------+
To be more precise. This report holds when glance is not able to *retrieve* the image size from the remote location. This is different from it not enforcing the quota for all images using `--location` The failure in the store size call can be related to many things. The url being wrong, the remote server not supporting the call we need - for instance, the HTTP store depends on the remote server support for HEAD requests - etc. There are some improvements going on in the stores already. The retrieve call I mentioned is here[0] That said, what this bug needs to address is whether checking the quota for remote locations is necessary or not. For instance, a remote location could be my own server outside the cloud provider. Why should the cloud provider enforce quota space on my own server? So, the current proposal is to either never enforce quota for remote locations or always enforce it and fail when the size couldn't be retrieve. A better fix, though, would be to have a list of store urls that have to be checked for quota space. All urls that are not in that list won't be checked. [0] https://github.com/openstack/glance/blob/master/glance/api/v1/images.py#L555
Although this may make sense for pre-configured locations (as in, let the user specify what locations should be counted for quota) I don't think this will happen any time soon. Neither in K nor L. I'm closing this as UPSTREAM and I'll let the community handle this request.