OpenStack Heat

Users can fill up the events table

Bug #1209492 reported by Clint Byrum
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Heat
Fix Released
High
Clint Byrum
OpenStack Heat 2013.2 "havana"

Bug Description

A user can very easily create an infinite amount of logs if they have access to Heat, leading to a very large events table.

 - Create stack with many thousands of AWS::AutoScaling::LaunchConfiguration resources.
 - Update stack changing something that requires replacement of the launchconfiguration in a loop.
 - Every update will involve 4 events for every resource, delete in progress, delete complete, create in progress, create complete.

Testing with Heat running on a single vcpu VM on my i7 laptop with a slow disk and an intentionally poorly tuned mysql (to amplify mysql performance problems):

With a 10 resource yaml, I was able to create 200 events in 1 minute.
With a 100 resource yaml, I was able to create 500 events in 1 minute.
With a 1000 resource yaml, Heat had problems updating it, and mysql started having issues because the table got fairly large at around 2000 events (working set exceeded innodb_buffer_pool_size so we were disk limited).

After around 3500 evensts, event-list started giving odd json errors.

See original description
Steven Hardy (shardy)
Changed in heat:
milestone: none → havana-rc1
Clint Byrum (clint-fewbar)
description: updated
Clint Byrum (clint-fewbar)
Changed in heat:
status: Triaged → In Progress
assignee: nobody → Clint Byrum (clint-fewbar)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to heat (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/48154

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/48155

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to heat (master)

Reviewed: https://review.openstack.org/48154
Committed: http://github.com/openstack/heat/commit/dfb90616edb1808051ef743e7eb60d007a8ceb6e
Submitter: Jenkins
Branch: master

commit dfb90616edb1808051ef743e7eb60d007a8ceb6e
Author: Clint Byrum <email address hidden>
Date: Tue Sep 24 10:22:13 2013 -0700

    Add method to count events by stack

    We need this method to efficiently count events by stack to allow
    pruning them if there are too many.

    Change-Id: Ifd5ed78e37a14116497f8bc008739ee9938e194d
    Related-Bug: #1209492

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to heat (master)

Reviewed: https://review.openstack.org/48155
Committed: http://github.com/openstack/heat/commit/32260776443fd5d6cbb8dd2af3fd4c2fea2c1a6d
Submitter: Jenkins
Branch: master

commit 32260776443fd5d6cbb8dd2af3fd4c2fea2c1a6d
Author: Clint Byrum <email address hidden>
Date: Tue Sep 24 15:25:32 2013 -0700

    Provide config option to cap events per stack

    Previously users could write to the events table infinitely. With this
    change Heat will automatically prune some events if the maximum is
    reached. The behavior can be disabled by setting max_events_per_stack to
    zero.

    Change-Id: I4fb2fefbd9bcd10ce1767ddf58a870206a6482a1
    Fixes-Bug: #1209492

Changed in heat:
status: In Progress → Fix Committed
Revision history for this message
Faramir (faramir) wrote : AUTO: Hai Liang Wang is on vacation from 09-29 to 10-08 (returning 10/09/2013)

I am out of the office until 10/09/2013.

Conact me by phone for anything urgency.
Phone Number - 15801213126 . thanks !

Note: This is an automated response to your message "[Bug 1209492] Re:
Users can fill up the events table" sent on 09/28/2013 23:31:59.

This is the only notification you will receive while this person is away.

Thierry Carrez (ttx)
Changed in heat:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in heat:
milestone: havana-rc1 → 2013.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.