Bug 1597735 - [RHOSP13] Cinder quota could be bypassed by normal user
Summary: [RHOSP13] Cinder quota could be bypassed by normal user
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-cinder
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: z2
Target Release: 13.0 (Queens)
Assignee: Alan Bishop
QA Contact: Avi Avraham
Docs Contact: Kim Nylander
URL:
Whiteboard:
Depends On:
Blocks: 1584499 1597737
Reported: 2018-07-03 14:27 UTC by Alan Bishop
Modified: 2021-12-10 16:39 UTC

Fixed In Version: openstack-cinder-12.0.3-2.el7ost
Doc Type: Bug Fix
Doc Text:
Previously, Cinder incorrectly updated the quotas when deleting a temporary volume, for example, the temporary volume Cinder uses when performing a forced backup. Operations that require Cinder to use a temporary volume resulted in corrupted quotas. Cinder now correctly handles quotas when deleting a temporary volume. Creating a forced backup no longer results in corrupted quotas.
Clone Of: 1584499
: 1597737 (view as bug list)
Environment:
Last Closed: 2018-08-29 16:21:46 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1778774 0 None None None 2018-07-03 14:27:31 UTC
OpenStack gerrit 578201 0 'None' 'MERGED' 'Fix quota error when deleting temporary volume' 2019-11-25 17:52:03 UTC
OpenStack gerrit 579267 0 'None' 'MERGED' 'Fix quota error when deleting temporary volume' 2019-11-25 17:52:03 UTC
Red Hat Issue Tracker OSP-11449 0 None None None 2021-12-10 16:39:22 UTC
Red Hat Product Errata RHBA-2018:2594 0 None None None 2018-08-29 16:22:02 UTC

Description Alan Bishop 2018-07-03 14:27:32 UTC
Quota errors occur when Cinder creates a temporary volume to handle operations such as backing up another in-use volume.

+++ This bug was initially created as a clone of Bug #1584499 +++

Comment 6 Tzach Shefi 2018-08-07 04:01:50 UTC
Verified on: 
openstack-cinder-12.0.3-2.el7ost.noarch


Initial quota (no volume) of a demo project/user

cinder quota-usage d44764a39871480aa6c14763ef8126c4  
+----------------------+--------+----------+-------+-----------+
| Type                 | In_use | Reserved | Limit | Allocated |
+----------------------+--------+----------+-------+-----------+
| backup_gigabytes     | 0      | 0        | 1000  |           |
| backups              | 0      | 0        | 10    |           |
| gigabytes            | 0      | 0        | 1000  |           |
| groups               | 0      | 0        | 10    |           |
| per_volume_gigabytes | 0      | 0        | -1    |           |
| snapshots            | 0      | 0        | 10    |           |
| volumes              | 0      | 0        | 10    |           |
+----------------------+--------+----------+-------+-----------+

All operations below were done on demo project/user 
cinder create 2
id                           | d59b523b-268b-43d1-91bc-04b1cc295bcf

cinder quota-usage d44764a39871480aa6c14763ef8126c4
+----------------------+--------+----------+-------+-----------+
| Type                 | In_use | Reserved | Limit | Allocated |
+----------------------+--------+----------+-------+-----------+
| backup_gigabytes     | 0      | 0        | 1000  |           |
| backups              | 0      | 0        | 10    |           |
| gigabytes            | 2      | 0        | 1000  |           |
| groups               | 0      | 0        | 10    |           |
| per_volume_gigabytes | 0      | 0        | -1    |           |
| snapshots            | 0      | 0        | 10    |           |
| volumes              | 1      | 0        | 10    |           |
+----------------------+--------+----------+-------+-----------+


Boot an instance, attach volume
nova volume-attach ceddad6b-6bd5-45b5-9094-9ae52a49ef07 d59b523b-268b-43d1-91bc-04b1cc295bcf auto

cinder backup-create d59b523b-268b-43d1-91bc-04b1cc295bcf --force
During backup
Every 5.0s: cinder quota-usage d44764a39871480aa6c14763ef8126c4                                                                                          Mon Aug  6 23:43:53 2018

+----------------------+--------+----------+-------+-----------+
| Type                 | In_use | Reserved | Limit | Allocated |
+----------------------+--------+----------+-------+-----------+
| backup_gigabytes     | 2      | 0        | 1000  |           |
| backups              | 1      | 0        | 10    |           |
| gigabytes            | 2      | 0        | 1000  |           |
| groups               | 0      | 0        | 10    |           |
| per_volume_gigabytes | 0      | 0        | -1    |           |
| snapshots            | 0      | 0        | 10    |           |
| volumes              | 1      | 0        | 10    |           |
+----------------------+--------+----------+-------+-----------+


Post backup
cinder quota-usage d44764a39871480aa6c14763ef8126c4
+----------------------+--------+----------+-------+-----------+
| Type                 | In_use | Reserved | Limit | Allocated |
+----------------------+--------+----------+-------+-----------+
| backup_gigabytes     | 2      | 0        | 1000  |           |
| backups              | 1      | 0        | 10    |           |
| gigabytes            | 2      | 0        | 1000  |           |
| groups               | 0      | 0        | 10    |           |
| per_volume_gigabytes | 0      | 0        | -1    |           |
| snapshots            | 0      | 0        | 10    |           |
| volumes              | 1      | 0        | 10    |           |
+----------------------+--------+----------+-------+-----------+


As expected, on a non-admin project/user (demo), Cinder's quota remains at 2G before, during and after a forced backup of an in-use volume.
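
An added example (not part of the original comment and not Cinder's own code): a Python check that parses two `cinder quota-usage` tables captured around a forced backup and reports any movement in the volume counters, which is what the verification above compares by eye. The function names and the drifted table are assumptions constructed for illustration; the other rows are copied from the tables above.

```python
import re

# One data row of `cinder quota-usage`: | Type | In_use | Reserved | Limit | Allocated |
ROW = re.compile(r"^\|\s*(\w+)\s*\|\s*(-?\d+)\s*\|\s*(-?\d+)\s*\|\s*(-?\d+)\s*\|")
# Counters a backup should leave untouched (assumption taken from the verification above).
VOLUME_COUNTERS = ("volumes", "gigabytes")

def parse_quota_usage(text):
    """Return {type: {"in_use": int, "reserved": int, "limit": int}}."""
    usage = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header and +---+ separator lines do not match
            name, in_use, reserved, limit = m.groups()
            usage[name] = dict(in_use=int(in_use), reserved=int(reserved), limit=int(limit))
    return usage

def quota_drift(before, after, counters=VOLUME_COUNTERS):
    """List volume-quota fields that went negative or changed across an operation."""
    findings = []
    for name in counters:
        for field in ("in_use", "reserved"):
            old, new = before[name][field], after[name][field]
            if new < 0:
                findings.append(f"{name}.{field} is negative ({new})")
            elif new != old:
                findings.append(f"{name}.{field} changed {old} -> {new}")
    return findings

# Rows copied from the pre-backup and "Post backup" tables in the comment above.
BEFORE = """
| backups              | 0      | 0        | 10    |           |
| gigabytes            | 2      | 0        | 1000  |           |
| volumes              | 1      | 0        | 10    |           |
"""
AFTER_FIXED = """
| backups              | 1      | 0        | 10    |           |
| gigabytes            | 2      | 0        | 1000  |           |
| volumes              | 1      | 0        | 10    |           |
"""
# Constructed sample (not from the page): counters that moved although no volume was deleted.
AFTER_DRIFTED = """
| backups              | 1      | 0        | 10    |           |
| gigabytes            | 0      | 0        | 1000  |           |
| volumes              | -1     | 0        | 10    |           |
"""

if __name__ == "__main__":
    for label, table in (("fixed", AFTER_FIXED), ("drifted", AFTER_DRIFTED)):
        print(label, quota_drift(parse_quota_usage(BEFORE), parse_quota_usage(table)))
```

The backup counters are left out of the comparison on purpose, since `backups` and `backup_gigabytes` are expected to rise when the backup is created.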

Comment 8 errata-xmlrpc 2018-08-29 16:21:46 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2594

