Floor division in size usage calculation leads to surprising quota limits
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
In Progress
|
Undecided
|
Unassigned |
Bug Description
Colleagues working downstream found a slight discrepancy in quota enforcement while working with the new unified quota system.
If we set the image_size_total quota to 1 MiB, the actual limit where quota enforcement turns on is 2 MiB - 1 byte:
openstack --os-cloud devstack-
openstack image list -f value -c ID | xargs -r openstack image delete
openstack image create --file <( dd if=/dev/zero bs=1 count=$(( 2 * 1024 ** 2 - 1 )) ) img1 ## succeeds
openstack image create --file <( dd if=/dev/zero bs=1 count=1 ) img2 ## succeeds
openstack image list -f value -c ID | xargs -r openstack image delete
openstack image create --file <( dd if=/dev/zero bs=1 count=$(( 2 * 1024 ** 2 )) ) img1 ## succeeds
openstack image create --file <( dd if=/dev/zero bs=1 count=1 ) img2 ## HttpException: 413: ... Request Entity Too Large
This bug report is not about the size of img1 - we know that the limit is soft and img1 can go over the quota - but the success/failure of 'image create img2'.
I believe the root cause is an integer/floor division when calculating the usage in megabytes. My colleagues also proposed a fix, which I am going to upload right after opening this ticket.
Environment details:
glance 199722a65
devstack 0d5c8d66
Quota setup as described in: https:/
$ for opt in image_stage_total image_count_total image_count_
$ openstack --os-cloud devstack-
+------
| Field | Value |
+------
| default_limit | 1 |
| description | None |
| id | 828fe62d931449d
| region_id | RegionOne |
| resource_name | image_size_total |
| service_id | 3400473cffa047e
+------
$ source openrc admin admin
$ openstack user create --password devstack glance-service
+------
| Field | Value |
+------
| domain_id | default |
| enabled | True |
| id | 43268355b8f64d3
| name | glance-service |
| options | {} |
| password_expires_at | None |
+------
$ openstack role add --user glance-service --user-domain Default --system all reader
$ echo $OS_AUTH_URL
http://
$ openstack endpoint list --service glance
+------
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+------
| 92995b7a7644450
+------
$ vi /etc/glance/
[DEFAULT]
use_keystone_limits = True
[oslo_limit]
auth_url = http://
auth_type = password
user_domain_id = default
username = glance-service
system_scope = all
password = devstack
endpoint_id = 92995b7a7644450
region_name = RegionOne
$ sudo systemctl restart <email address hidden>
Fix proposed to branch: master /review. opendev. org/c/openstack /glance/ +/866584
Review: https:/