Glance

Glance quota only enforced when we do size check on create image

Bug #1270798 reported by Dafna Ron on 2014-01-20

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Glance	Confirmed	Low	Akanksha Srivastava

Bug Description

if I set user_storage_quota = 2 it should fail image create.
but since --location does not check image size during create, the quota is not enforced during create.
since the quota is not implemented during image download, we basically have an easy way of bypassing the quota...

to reproduce:

1. change user_storage_quota = 2 in user_storage_quota = 2
2. create an image using --location from any iso.
3. boot an instance from the image

Results:

The image will be created and we can boot instances from it -> hence quota is not enforced.

expected results:

I think that we should either enforce the quota on image download and not image create or we can block using --location when we enforce the quota.

Revision history for this message

Flavio Percoco (flaper87) wrote on 2014-01-20:

If the remote location doesn't return the image size, then there's not much we can do there. So, either we always allow images using `--location` to be created or we don't allow them at all when quota size is enabled.

A third option would be to have a `enforce_quota_on_locations` flag that enables / disables this behaviour. I'm a bit against it because I don't want to add another configuration option for this.

Flavio Percoco (flaper87) on 2014-01-20

Changed in glance:
status:	New → Confirmed
importance:	Undecided → Low

Revision history for this message

Flavio Percoco (flaper87) wrote on 2014-01-21:

A fourth option would be to have a list of store urls that have to be checked for quota space. All urls that are not in that list won't be checked.

I'm leaning towards this fourth option. It seems more flexible and won't prevent users to have their own store outside the cloud provider - in which case enforcing quota doesn't make sense at all.

Revision history for this message

Dafna Ron (dron-3) wrote on 2014-01-21:

my fear is that a user can simply "cheat" and bypass the quota, so as long as only admin user can add url to the list this should be fine - other wise this would be redundant :)

Tushar Bankar (tushar-bankar) on 2014-03-21

Changed in glance:
assignee:	nobody → Tushar Bankar (tushar-bankar)

Tushar Bankar (tushar-bankar) on 2014-04-23

Changed in glance:
assignee:	Tushar Bankar (tushar-bankar) → nobody

Saranya Pandian (saranya-pandian) on 2014-04-23

Changed in glance:
assignee:	nobody → Saranya Pandian (saranya-pandian)

Revision history for this message

Flavio Percoco (flaper87) wrote on 2015-01-27:

Un-assigning for inactivity. Waiting for @zhiyan's comments on this bug

Changed in glance:
assignee:	Saranya Pandian (saranya-pandian) → nobody

Akanksha Srivastava (akanksha-dlf) on 2015-09-16

Changed in glance:
assignee:	nobody → Akanksha Srivastava (akanksha-dlf)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.