Add image location fails when show_multiple_locations = false

Bug #1595335 reported by Brad Pokorny on 2016-06-22
This bug affects 5 people
Affects Status Importance Assigned to Milestone
Glance
Undecided
Unassigned

Bug Description

Background:
I'm working on getting full glance v2 support into Horizon with this patch: https://review.openstack.org/#/c/320039/

I provided the curl calls below for clarity to reproduce this, but Horizon uses python-glanceclient to send the REST API calls.

I reproduced this issue with the latest devstack as of 6/22/16 on Ubuntu 14.04.

Steps to reproduce:

1. Create an image via the glance v2 api (seems to work fine):
curl -g -i -X POST -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'User-Agent: python-glanceclient' -H 'Connection: keep-alive' -H 'X-Auth-Token: [token]' -H 'Content-Type: application/json' -d '{"name": "testimage", "container_format": "bare", "min_ram": 0, "disk_format": "iso", "visibility": "private", "protected": false, "min_disk": 0}' http://192.168.43.128:9292/v2/images

{"status": "queued", "name": "bradtest", "tags": [], "container_format": "bare", "created_at": "2016-06-22T13:29:03Z", "size": null, "disk_format": "iso", "updated_at": "2016-06-22T13:29:03Z", "visibility": "private", "self": "/v2/images/a507654f-9315-4677-ba68-417eedc49810", "min_disk": 0, "protected": false, "id": "a507654f-9315-4677-ba68-417eedc49810", "file": "/v2/images/a507654f-9315-4677-ba68-417eedc49810/file", "checksum": null, "owner": "21856121680744f9b8da04a3f9290c03", "virtual_size": null, "min_ram": 0, "schema": "/v2/schemas/image"}

2. Update the image with a location:
curl -g -i -X PATCH -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'User-Agent: python-glanceclient' -H 'Connection: keep-alive' -H 'X-Auth-Token: [token]' -H 'Content-Type: application/openstack-images-v2.1-json-patch' -d '[{"path": "/locations/-", "value": {"url": "http://mirrors.liquidweb.com/CentOS/7/isos/x86_64/CentOS-7-x86_64-Minimal-1511.iso", "metadata": {}}, "op": "add"}]' http://192.168.43.128:9292/v2/images/a507654f-9315-4677-ba68-417eedc49810

The update call fails with this error:

403 Forbidden
It's not allowed to add locations if locations are invisible.

I see this in the glance-api log:

2016-06-22 07:17:35.083 29566 INFO eventlet.wsgi.server [req-ec3f939f-fa7c-4c79-804a-09a3b5904b8d 94c7ed5c69984ce39ea89bc1337807d7 21856121680744f9b8da04a3f9290c03 - - -] 192.168.43.128 - - [22/Jun/2016 07:17:35] "PATCH /v2/images/06afff49-8658-4e58-a28a-fd6e02a379c0 HTTP/1.1" 403 295 0.045951

If I set show_multiple_locations = true, the error doesn't occur. So that's a workaround, but there are security implications to setting that value.

It's entirely possible we're doing something wrong in Horizon when using the v2 api, but I'm wondering if this behavior from the v2 api is expected.

Changed in glance:
status: New → Confirmed
Brad Pokorny (bpokorny) wrote :

Tim Symanczyk pointed this out to me:
https://wiki.openstack.org/wiki/Glance-v2-v1-client-compatability

image-create and image-update with the --location option both say they're not implemented in v2. I'm not sure if that means specifying a location is no longer supposed to be supported in v2.

Christian Sarrasin (sxc731) wrote :

Rather bizarrely, deploying stock stable/ocata using OpenStack-Ansible with the default 'file' store (for testing purposes) exhibits exactly the same issue, albeit when attempting to *create* the image the first time around; somehow Horizon appears to be using the 'PATCH' API for this purpose:

2017-07-26 13:40:31.382 3993 INFO eventlet.wsgi.server [req-5027458f-11f4-49a5-b5e9-849f7ea2aa37 d69225face9d4c128ad7ad22821bfc26 70ce254f7beb4aa59d72d11d95ba9149 - default default] 192.168.22.136,192.168.22.23 - - [26/Jul/2017 13:40:31] "PATCH /v2/images/f1cd1b1d-d089-44c9-bfb0-b35b541c306b HTTP/1.1" 403 290 0.134983

The workaround (setting show_multiple_locations=True) appears to work, although it's also worth noting that this option has been deprecated per https://bugs.launchpad.net/glance/+bug/1618583
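
An added example, not part of the original report or of Glance's code: a Python filter that pulls rejected `PATCH /v2/images/<id>` requests out of glance-api access-log lines in the format quoted above, so operators can see which tenants are hitting this 403. The first two sample lines are the ones quoted in this report and the last two are constructed; a hit is only a candidate for a rejected location add, because the access log does not record the patch body.

```python
import re
from collections import Counter

# oslo.log context line written by eventlet.wsgi.server, as quoted in this report.
ACCESS_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) \d+ \w+ eventlet\.wsgi\.server '
    r'\[(?P<request_id>req-[0-9a-f-]+) (?P<user>\S+) (?P<tenant>\S+)[^\]]*\] '
    r'(?P<client>\S+) - - \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')
IMAGE_RE = re.compile(r'^/v2/images/([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$')


def rejected_image_patches(lines):
    """Return one record per PATCH /v2/images/<id> request answered with 403."""
    hits = []
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m or m['method'] != 'PATCH' or m['status'] != '403':
            continue
        image = IMAGE_RE.match(m['path'])
        if image:  # skips sub-resources such as /v2/images/<id>/file
            hits.append({'time': m['ts'], 'request_id': m['request_id'],
                         'user': m['user'], 'tenant': m['tenant'],
                         'client': m['client'], 'image': image.group(1)})
    return hits


def rejections_per_tenant(hits):
    """Count rejected image PATCH requests per tenant (project) id."""
    return Counter(hit['tenant'] for hit in hits)


SAMPLE = [
    # The two access-log lines quoted in this report.
    '2016-06-22 07:17:35.083 29566 INFO eventlet.wsgi.server [req-ec3f939f-fa7c-4c79-804a-09a3b5904b8d 94c7ed5c69984ce39ea89bc1337807d7 21856121680744f9b8da04a3f9290c03 - - -] 192.168.43.128 - - [22/Jun/2016 07:17:35] "PATCH /v2/images/06afff49-8658-4e58-a28a-fd6e02a379c0 HTTP/1.1" 403 295 0.045951',
    '2017-07-26 13:40:31.382 3993 INFO eventlet.wsgi.server [req-5027458f-11f4-49a5-b5e9-849f7ea2aa37 d69225face9d4c128ad7ad22821bfc26 70ce254f7beb4aa59d72d11d95ba9149 - default default] 192.168.22.136,192.168.22.23 - - [26/Jul/2017 13:40:31] "PATCH /v2/images/f1cd1b1d-d089-44c9-bfb0-b35b541c306b HTTP/1.1" 403 290 0.134983',
    # Constructed lines: a successful PATCH and a rejected GET, both ignored.
    '2016-06-22 07:18:00.000 29566 INFO eventlet.wsgi.server [req-00000000-0000-0000-0000-000000000001 constructeduser constructedtenant - - -] 192.0.2.10 - - [22/Jun/2016 07:18:00] "PATCH /v2/images/00000000-0000-0000-0000-0000000000aa HTTP/1.1" 200 512 0.030000',
    '2016-06-22 07:18:05.000 29566 INFO eventlet.wsgi.server [req-00000000-0000-0000-0000-000000000002 constructeduser constructedtenant - - -] 192.0.2.10 - - [22/Jun/2016 07:18:05] "GET /v2/images/00000000-0000-0000-0000-0000000000aa HTTP/1.1" 403 120 0.010000',
]

if __name__ == '__main__':
    found = rejected_image_patches(SAMPLE)
    for hit in found:
        print(hit['time'], hit['request_id'], hit['tenant'], hit['image'])
    print(dict(rejections_per_tenant(found)))
```

The request id in each hit can be used to find the matching entries in the rest of the glance-api log.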

Abel Lopez (al592b) wrote :

This option also appears required for creating instance snapshots when using ceph as a glance backend.

With the default:

<183>1 2017-08-15T20:34:06.223584+00:00 mcp3.lab014004.proxprod1.dfj.io glance-api 43552 - [MetaCloud@40521 levelname="DEBUG" component="glance-api" funcname="glance.api.v2.images" request_id="req-86916685-8f50-484f-be81-8d53df710d36" user="30d4c1531f6048dfb982f55163baa983" tenant="938b7c62b670480c8b8d315efd36d374" instance="" lineno="/usr/lib/python2.7/site-packages/glance/api/v2/images.py:795"] glance.api.v2.images There is not available location for image a5edc4c4-0027-4918-becc-c3f935ce846d _format_image /usr/lib/python2.7/site-packages/glance/api/v2/images.py:795

Setting `show_multiple_locations=True` lets snapshots work as expected.

hard (ihard) wrote :

In release Train the error is still relevant. Without the show_multiple_locations=True option, creating snapshots does not work. The option is listed as deprecated.
