1597737 – [RHOSP12] Cinder quota could be bypassed by normal user

Bug 1597737 - [RHOSP12] Cinder quota could be bypassed by normal user

Summary: [RHOSP12] Cinder quota could be bypassed by normal user

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-cinder
Sub Component:
Version:	12.0 (Pike)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	12.0 (Pike)
Assignee:	Alan Bishop
QA Contact:	Avi Avraham
Docs Contact:	Kim Nylander
URL:
Whiteboard:
Depends On:	1597735
Blocks:	1584499
TreeView+	depends on / blocked

Reported:	2018-07-03 14:32 UTC by Alan Bishop
Modified:	2021-12-10 16:37 UTC (History)
CC List:	7 users (show)
Fixed In Version:	openstack-cinder-11.1.0-16.el7ost
Doc Type:	Bug Fix
Doc Text:	Previously, Cinder updated quotas incorrectly when deleting a temporary volume and operations that required that Cinder use a temporary volume resulted in corrupted quotas. With this update, Cinder handles quote correctly when deleting temporary volumes.
Clone Of:	1597735
Environment:
Last Closed:	2018-12-05 18:49:12 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1670636	None	None	None	2018-07-03 14:32:15 UTC
Launchpad	1778774	None	None	None	2018-07-03 14:32:15 UTC
OpenStack gerrit	578201	None	None	None	2018-07-03 14:32:15 UTC
Red Hat Issue Tracker	OSP-11437	None	None	None	2021-12-10 16:37:09 UTC
Red Hat Product Errata	RHBA-2018:3785	None	None	None	2018-12-05 18:49:43 UTC

Description Alan Bishop 2018-07-03 14:32:16 UTC

+++ This bug was initially created as a clone of Bug #1597735 +++

Quota errors occur when Cinder creates a temporary volume to handle operations such as backing up another in-use volume.

+++ This bug was initially created as a clone of Bug #1584499 +++

Comment 9 Tzach Shefi 2018-11-19 03:50:09 UTC

Verified on:
openstack-cinder-11.1.0-22.el7ost.noarch

Create demo user/tenant
create a demorc file 

default 
cinder quota-usage 486158670a564c27846378a68341026d
+----------------------+--------+----------+-------+
| Type                 | In_use | Reserved | Limit |
+----------------------+--------+----------+-------+
| backup_gigabytes     | 0      | 0        | 1000  |
| backups              | 0      | 0        | 10    |
| gigabytes            | 0      | 0        | 1000  |
| groups               | 0      | 0        | 10    |
| per_volume_gigabytes | 0      | 0        | -1    |
| snapshots            | 0      | 0        | 10    |
| volumes              | 0      | 0        | 10    |
+----------------------+--------+----------+-------+

cinder create 1 

cinder quota-usage 486158670a564c27846378a68341026d
+----------------------+--------+----------+-------+
| Type                 | In_use | Reserved | Limit |
+----------------------+--------+----------+-------+
| backup_gigabytes     | 0      | 0        | 1000  |
| backups              | 0      | 0        | 10    |
| gigabytes            | 1      | 0        | 1000  |
| groups               | 0      | 0        | 10    |
| per_volume_gigabytes | 0      | 0        | -1    |
| snapshots            | 0      | 0        | 10    |
| volumes              | 1      | 0        | 10    |
+----------------------+--------+----------+-------+


nova boot kuku --flavor tiny --image cirros --nic net-id=5650ecec-2b10-4a36-9221-f35530de6c84


attach vol 
nova volume-attach ee901675-eb37-4250-a96c-cbb18df8f6da 3fb04e34-2ede-4932-8258-b8519d4cbb70 auto

cinder backup-create 3fb04e34-2ede-4932-8258-b8519d4cbb70 --force 
+-----------+--------------------------------------+
| Property  | Value                                |
+-----------+--------------------------------------+
| id        | 46ceaa20-86cd-41d4-bca9-af1ba6bd0336 |
| name      | None                                 |
| volume_id | 3fb04e34-2ede-4932-8258-b8519d4cbb70 |
+-----------+--------------------------------------+

During and after backup quota remains an expected:
cinder quota-usage 486158670a564c27846378a68341026d
+----------------------+--------+----------+-------+
| Type                 | In_use | Reserved | Limit |
+----------------------+--------+----------+-------+  
| backup_gigabytes     | 1      | 0        | 1000  |  -> OK
| backups              | 1      | 0        | 10    |  -> OK
| gigabytes            | 1      | 0        | 1000  |
| groups               | 0      | 0        | 10    |
| per_volume_gigabytes | 0      | 0        | -1    |
| snapshots            | 0      | 0        | 10    |
| volumes              | 1      | 0        | 10    |  -> OK
+----------------------+--------+----------+-------+

Comment 11 errata-xmlrpc 2018-12-05 18:49:12 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3785

Note You need to log in before you can comment on or make changes to this bug.