Upload/Import image continues consuming glance host cpu/memory/network/disk resources even after the image is deleted
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Glance | Incomplete | Undecided | Unassigned | |
OpenStack Security Advisory | Won't Fix | Undecided | Unassigned | |
Bug Description
This issue is related to the already fixed security issue 1398830.
Steps to reproduce this problem
1. Upload an image by passing the image location in the copy_from parameter using the v1 version, or use the import task API to import an image using the v2 version.
2. When the image is in the 'saving' status, delete the image. Presently, it allows you to delete the image in the 'saving' state.
3. Uploading of the image is performed asynchronously in a separate eventlet thread, so there is no way to stop it until the upload is complete; later, while updating the metadata, it finds the image is deleted, so it cleans up the image data properly.
If you keep on creating new images, uploading big images (5GB) and deleting them immediately while the images are in the 'saving' state, then it will consume glance host CPU/Memory/Network resources without putting any burden on the user (from a billing point of view). Also, at some point it is quite possible that the total size of image data in the backend for a particular tenant could go beyond user_storage_quota for a temporary period.
Expected behavior: Uploading of image should be stopped immediately after the image is deleted.
Problem: The image location is not available in the delete image method while the image is in saving status, as it is added only after the image data is uploaded successfully to the backend.
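One way to get the expected behavior described in this report, as an added example that is not Glance's code or the reporter's: the copy loop re-checks the image status every few chunks and discards the partial data as soon as the image is no longer 'saving'. `Registry`, `CountingSource`, `store_image`, `demo` and the dict used as `backend` are hypothetical stand-ins, and the input data is constructed.

```python
import io

class ImageDeleted(Exception):
    """The image was deleted while its data was still being stored."""

class Registry:
    """Hypothetical stand-in for the image metadata store (not Glance's API)."""
    def __init__(self):
        self.status = {}
    def is_saving(self, image_id):
        return self.status.get(image_id) == "saving"

class CountingSource:
    """Constructed source; marks the image deleted on read number `delete_after`."""
    def __init__(self, data, registry, image_id, delete_after=None):
        self._stream, self._registry = io.BytesIO(data), registry
        self._image_id, self._delete_after, self.reads = image_id, delete_after, 0
    def read(self, size):
        self.reads += 1
        if self.reads == self._delete_after:
            self._registry.status[self._image_id] = "deleted"
        return self._stream.read(size)

def store_image(image_id, source, backend, registry, chunk_size=1024, check_every=4):
    """Copy source into backend, re-checking image status every `check_every` chunks."""
    registry.status[image_id] = "saving"
    data = backend[image_id] = bytearray()
    chunks = 0
    while True:
        if chunks % check_every == 0 and not registry.is_saving(image_id):
            del backend[image_id]  # drop partial data now, not after the full copy
            raise ImageDeleted(image_id)
        chunk = source.read(chunk_size)
        if not chunk:
            break
        data.extend(chunk)
        chunks += 1
    registry.status[image_id] = "active"
    return len(data)

def demo():
    """Constructed 100 KiB upload deleted during read 6: (reads made, data kept?)."""
    registry, backend = Registry(), {}
    source = CountingSource(b"\0" * 100 * 1024, registry, "img-1", delete_after=6)
    try:
        store_image("img-1", source, backend, registry)
    except ImageDeleted:
        pass
    return source.reads, "img-1" in backend
```

`check_every` trades metadata lookups against how much data is still transferred after a delete; here the copy stops after 8 of the 101 reads a full upload would need.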
description: | updated |
Changed in glance: | |
importance: | Critical → Undecided |
summary: |
- Upload/Import image continues consuming glance host cpu/memory/network - resources even after the image is deleted + Upload/Import image continues consuming glance host + cpu/memory/network/disk resources even after the image is deleted |
Changed in glance: | |
milestone: | kilo-3 → kilo-rc1 |
Changed in glance: | |
milestone: | kilo-rc1 → liberty-1 |
description: | updated |
Changed in glance: | |
milestone: | liberty-1 → none |
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.