OpenStack Compute (nova)

No size restrictions in place for Images and Kernels

Bug #723996 reported by Antony Messerli on 2011-02-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Fix Released	High	Johannes Erdfelt	OpenStack Compute (nova) 2011.3 "diablo"

Bug Description

There are currently no restrictions on the size of images or kernels that can be uploaded. Without restrictions, a hypervisors filesystem could be filled with junk data.

Related branches

lp:~johannes.erdfelt/nova/bug723996

Merged into lp:~hudson-openstack/nova/trunk at revision 1090

Vish Ishaya (community): Approve on 2011-05-20

Cory Wright (community): Needs Information on 2011-05-04

Rick Harris (community): Approve on 2011-04-18

Devin Carlen (community): Approve on 2011-04-13

Brian Waldon (community): Approve on 2011-04-12

Revision history for this message

Jay Pipes (jaypipes) wrote on 2011-02-24:

Hi! What would you propose would be a size limit? Or should it be configurable? Configurable by backend? In other words, filesystem backend could be different size limit from Swift backend?

Revision history for this message

Antony Messerli (antonym) wrote on 2011-02-24:

In order to be flexible, the size limit should be configurable. The main idea is to protect the hypervisor and prevent situations where large kernels or images were registered on purpose to cause host issues. For example, XenServer only provides 4GB for dom0. For builds with kernels outside of the instance, they are stored on the dom0 filesystem in /boot/guest and at a certain point could fill up the filesystem if not kept in check.

In talking with Rick Harris it would probably be set at the compute layer, either a limit per image or file, or an overall filesystem percentage free space check.

Revision history for this message

Jay Pipes (jaypipes) wrote on 2011-02-24:

OK, thx Ant! Moving to the Nova project, as Rick says, better to do the limiting at the compute layer.

affects:

glance → nova

Revision history for this message

Thierry Carrez (ttx) wrote on 2011-03-03:

Setting as High due to potential security implications

Changed in nova:
importance:	Undecided → High
status:	New → Confirmed

Sandy Walsh (sandy-walsh) on 2011-04-06

Changed in nova:
assignee:	nobody → Johannes Erdfelt (johannes.erdfelt)

Johannes Erdfelt (johannes.erdfelt) on 2011-04-12

Changed in nova:
status:	Confirmed → In Progress

Thierry Carrez (ttx) on 2011-05-20

Changed in nova:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2011-06-02

Changed in nova:
milestone:	none → diablo-1

Thierry Carrez (ttx) on 2011-09-22

Changed in nova:
milestone:	diablo-1 → 2011.3
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.