Glance

no size check when using http to create an image

Bug #1220744 reported by Dafna Ron
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
Fix Released
Medium
Zhi Yan Liu
Glance 2013.2 "havana"
Glance Client
Invalid
Undecided
Unassigned

Bug Description

if I create an image from file and use --size which is smaller than the image on file we would fail with the below error:

root@opens-XXXX ~(keystone_admin)]# glance image-create --name rhevm_image --disk-format qcow2 --container-format bare --file /tmp/39f89a6a-7fbb-43c0-a5ea-19b271f51829 --size 1
Request returned failure status.
400 Bad Request
Supplied size (1) and size generated from uploaded image (1440612352) did not match. Setting image status to 'killed'.
    (HTTP 400)

but if I create an image from http and use a smaller size the image is created:

[root@opens-XXX ~(keystone_admin)]# glance image-create --name human --disk-format qcow2 --container-format bare --location http://XXXXXXX --human-readable --size 1

+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | None |
| container_format | bare |
| created_at | 2013-09-04T14:18:05 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | 55d45384-6b4b-40c6-b399-639b03c06c3b |
| is_public | False |
| min_disk | 0 |
| min_ram | 0 |
| name | human |
| owner | ad326a6c11a742c6bfdf4ad63be0c889 |
| protected | False |
| size | 1B |
| status | active |
| updated_at | 2013-09-04T14:18:05 |
+------------------+--------------------------------------+

[root@opens-XXXX ~(keystone_admin)]# glance image-list
+--------------------------------------+-------------+-------------+------------------+------------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+-------------+-------------+------------------+------------+--------+
| 55d45384-6b4b-40c6-b399-639b03c06c3b | human | qcow2 | bare | 1 | active |
|+--------------------------------------+-------------+-------------+------------------+------------+--------+

if size is too small we should not allow the create of the image from http as well

Revision history for this message
Flavio Percoco (flaper87) wrote :

This is a bit tricky.

Using location means you're telling Glance where the image *already* is. In order to verify the size, it'd be necessary to get the size from the storage backend, however, in some cases it is possible that the storage itself doesn't know the size of the image.

For example, if it's an http location, it'd necessary to send a HEAD request to the remote location (assuming the server supports it) and get the Content-Length from the response's headers but, if the response does not contain that header, then there's no other way to know the image size unless we download it locally, which is not feasible.

Revision history for this message
Dafna Ron (dron-3) wrote :

agreed that its tricky.
can we do any of these?
1. block --size completely when using http to create an image
2. add this to the --size help for glance image-create.

Revision history for this message
Flavio Percoco (flaper87) wrote :

We could probably "ignore" --size when using --location and try to get the size from the remote location w/o any guarantee of success.

This definitely needs some discussion, I'll bring it up in one of the next meetings.

Revision history for this message
John Bresnahan (jbresnah) wrote :

In my opinion this is part of the import/export image work. At the moment nothing on a image in an external location is vetted. Not the size, the checksum, disk format, container format (probably others). The import/export work has been designed to handle these cases (and others).

That said we may be wable to solve this in the short term by calling get_size() on each storage systems glance.store.base.Store object and raising an exception if it does not match the size the user provided.

Mark Washenberger (markwash)
Changed in glance:
status: New → Triaged
importance: Undecided → Medium
Zhi Yan Liu (lzy-dev)
Changed in glance:
assignee: nobody → Zhi Yan Liu (lzy-dev)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/47718

Changed in glance:
status: Triaged → In Progress
Mark Washenberger (markwash)
Changed in glance:
milestone: none → havana-rc1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/47718
Committed: http://github.com/openstack/glance/commit/acf805234ff0a922bedb47eb292f18a355e7cc57
Submitter: Jenkins
Branch: master

commit acf805234ff0a922bedb47eb292f18a355e7cc57
Author: Zhi Yan Liu <email address hidden>
Date: Sun Sep 22 14:14:02 2013 +0800

    Adding checking to prevent conflict image size

    Adding necessary checking to api v1 controller, to prevent client
    provide conflict image size by '--location' and '--size' arguments.

    Fixes bug: 1220744
    docImpact

    Change-Id: I0b846dd885ea6b675495058ac038eb9b5777fb81
    Signed-off-by: Zhi Yan Liu <email address hidden>

Changed in glance:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in glance:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in glance:
milestone: havana-rc1 → 2013.2
Revision history for this message
Ian Cordasco (icordasc) wrote :

This seems to have been fixed server-side and there are too many cases to handle on the client side to fix this there. I'm marking this as invalid. If there's renewed interest in this, we can always reopen it.

Changed in python-glanceclient:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.