Mirantis OpenStack

nova allows to boot images with virtual size > root_gb specified in flavor

Bug #1427839 reported by Roman Podoliaka
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mirantis OpenStack
Fix Released
High
Roman Podoliaka
Mirantis OpenStack 6.1
6.0.x
Fix Released
High
Alexander Nevenchannyy
Mirantis OpenStack 6.0-mu-3
6.1.x
Fix Released
High
Roman Podoliaka
Mirantis OpenStack 6.1

Bug Description

Upstream bug: https://bugs.launchpad.net/nova/+bug/1429093

It's currently possible to boot an instance from a QCOW2 image, which has the virtual size larger than root_gb size specified in the given flavor.

Steps to reproduce:

1. Download a QCOW2 image (e.g. Cirros - https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-i386-disk.img)

2. Resize the image to a reasonable size:

qemu-img resize cirros-0.3.0-i386-disk.img +9G

3. Upload the image to Glance:

glance image-create --file cirros-0.3.0-i386-disk.img --name cirros-10GB --is-public True --progress --container-format bare --disk-format qcow2

4. Boot the first VM using a 'correct' flavor (root_gb > virtual size of the Cirros image), e.g. m1.small (root_gb = 20)

nova boot --image cirros-10GB --flavor m1.small demo-ok

5. Wait until the VM boots.

6. Boot the second VM using an 'incorrect' flavor (root_gb < virtual size of the Cirros image), e.g. m1.tiny (root_gb = 1):

nova boot --image cirros-10GB --flavor m1.tiny demo-should-fail

7. Wait until the VM boots.

Expected result:

demo-ok is in ACTIVE state
demo-should-fail is in ERROR state (failed with FlavorDiskTooSmall)

Actual result:

demo-ok is in ACTIVE state
demo-should-fail is in ACTIVE state

See original description
Roman Podoliaka (rpodolyaka)
information type: Public → Private Security
Revision history for this message
Roman Podoliaka (rpodolyaka) wrote :
information type: Private Security → Public
Roman Podoliaka (rpodolyaka)
description: updated
Roman Podoliaka (rpodolyaka)
Changed in mos:
status: Triaged → In Progress
Roman Podoliaka (rpodolyaka)
description: updated
Roman Podoliaka (rpodolyaka)
Changed in mos:
assignee: MOS Nova (mos-nova) → Roman Podoliaka (rpodolyaka)
Roman Podoliaka (rpodolyaka)
tags: added: customer-found
Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix proposed to openstack/nova (openstack-ci/fuel-6.1/2014.2)

Fix proposed to branch: openstack-ci/fuel-6.1/2014.2
Change author: Roman Podoliaka <email address hidden>
Review: https://review.fuel-infra.org/6132

Revision history for this message
OSCI Robot (oscirobot) wrote :

Fix proposed to branch: openstack-ci/fuel-6.1/2014.2
Review: https://review.fuel-infra.org/6132

Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix merged to openstack/nova (openstack-ci/fuel-6.1/2014.2)

Reviewed: https://review.fuel-infra.org/6132
Submitter: Roman Podoliaka <email address hidden>
Branch: openstack-ci/fuel-6.1/2014.2

Commit: 60160d34db581d7c4861c48771e4ce3299d0d765
Author: Roman Podoliaka <email address hidden>
Date: Thu Apr 23 16:40:09 2015

Forbid booting of QCOW2 images with virtual_size > root_gb

Currently, it's possible to boot an instance from a QCOW2 image,
which has virtual_size bigger than one allowed by the given flavor
(root_gb).

The issue is caused by two different problems in the code:

1) typo in get_disk_size() has made it always return None and
   effectively disabled verify_base_size() checks

2) Rbd image backend skips the verify_base_size() step for
   'cached' images (the one with base files), so it is possible to
   boot an instance using a larger flavor once and then use smaller
   flavors to boot the same image, even if allowed root_gb size is
   smaller than the image virtual size

Closes-Bug: #1427839

Conflicts:
 nova/tests/virt/libvirt/test_driver.py
 nova/tests/virt/libvirt/test_imagebackend.py

(cherry-picked from 69ef0200dd932d7938bbeffd03391597871d2ce2)

Change-Id: I383130e5f8cc288f4b428ed43fe4d3aba7169473

Revision history for this message
OSCI Robot (oscirobot) wrote :

Reviewed: https://review.fuel-infra.org/6132
Committed: https://review.fuel-infra.org/gitweb?p=openstack/nova.git;a=commitdiff;h=60160d34db581d7c4861c48771e4ce3299d0d765
Submitter: Roman Podoliaka
Branch: openstack-ci/fuel-6.1/2014.2

commit 60160d34db581d7c4861c48771e4ce3299d0d765
Author: Roman Podoliaka <email address hidden>

Forbid booting of QCOW2 images with virtual_size > root_gb

Currently, it's possible to boot an instance from a QCOW2 image,
which has virtual_size bigger than one allowed by the given flavor
(root_gb).

The issue is caused by two different problems in the code:

1) typo in get_disk_size() has made it always return None and
   effectively disabled verify_base_size() checks

2) Rbd image backend skips the verify_base_size() step for
   'cached' images (the one with base files), so it is possible to
   boot an instance using a larger flavor once and then use smaller
   flavors to boot the same image, even if allowed root_gb size is
   smaller than the image virtual size

Closes-Bug: #1427839

Conflicts:
 nova/tests/virt/libvirt/test_driver.py
 nova/tests/virt/libvirt/test_imagebackend.py

(cherry-picked from 69ef0200dd932d7938bbeffd03391597871d2ce2)

Change-Id: I383130e5f8cc288f4b428ed43fe4d3aba7169473

Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix proposed to openstack/nova (openstack-ci/fuel-6.0.1/2014.2)

Fix proposed to branch: openstack-ci/fuel-6.0.1/2014.2
Change author: Roman Podoliaka <email address hidden>
Review: https://review.fuel-infra.org/6200

Revision history for this message
OSCI Robot (oscirobot) wrote :

Fix proposed to branch: openstack-ci/fuel-6.0.1/2014.2
Review: https://review.fuel-infra.org/6200

Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix proposed to openstack/nova (openstack-ci/fuel-6.0-updates/2014.2)

Fix proposed to branch: openstack-ci/fuel-6.0-updates/2014.2
Change author: Roman Podoliaka <email address hidden>
Review: https://review.fuel-infra.org/6363

Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix merged to openstack/nova (openstack-ci/fuel-6.0-updates/2014.2)

Reviewed: https://review.fuel-infra.org/6363
Submitter: Vitaly Sedelnik <email address hidden>
Branch: openstack-ci/fuel-6.0-updates/2014.2

Commit: a7ff7a95a319138566a6049189a643b6267454b8
Author: Roman Podoliaka <email address hidden>
Date: Thu Apr 30 12:03:07 2015

Forbid booting of QCOW2 images with virtual_size > root_gb

Currently, it's possible to boot an instance from a QCOW2 image,
which has virtual_size bigger than one allowed by the given flavor
(root_gb).

The issue is caused by two different problems in the code:

1) typo in get_disk_size() has made it always return None and
   effectively disabled verify_base_size() checks

2) Rbd image backend skips the verify_base_size() step for
   'cached' images (the one with base files), so it is possible to
   boot an instance using a larger flavor once and then use smaller
   flavors to boot the same image, even if allowed root_gb size is
   smaller than the image virtual size

Closes-Bug: #1427839

Conflicts:
 nova/tests/virt/libvirt/test_driver.py
 nova/tests/virt/libvirt/test_imagebackend.py

(cherry picked from commit 60160d34db581d7c4861c48771e4ce3299d0d765)

Change-Id: I383130e5f8cc288f4b428ed43fe4d3aba7169473

Revision history for this message
Alexander Gubanov (ogubanov) wrote :

I've verified it on MOS 6.1 (build 395) - fixed!
Proof: http://paste.mirantis.net/show/418/

Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Change abandoned on openstack/nova (openstack-ci/fuel-6.0.1/2014.2)

Change abandoned by Roman Podoliaka <email address hidden> on branch: openstack-ci/fuel-6.0.1/2014.2
Review: https://review.fuel-infra.org/6200

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.