yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1154661] Re: concurrent instance creation enables users to create more VMs than allowed in quota

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Michael Still <mikal@xxxxxxxxxxx>
Date: Wed, 13 Mar 2013 18:15:41 -0000
Reply-to: Bug 1154661 <1154661@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I think this is a known issue with essex quotas. The quota system saw a
significant re-write in folsom to address these concerns, but that
change is too large to backport to essex. With essex being so close to
end of life, I think your best course of action is to upgrade to folsom
if at all possible.

** Changed in: nova
       Status: New => Won't Fix

** Changed in: nova
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1154661

Title:
  concurrent instance creation enables users to create more VMs than
  allowed in quota

Status in OpenStack Compute (Nova):
  Won't Fix

Bug description:
  version: essex

  Upon concurrent VM creation, there seems to be a "time of check to
  time of use" bug in quota checking, which enables users to create more
  VMs than allowed in their quota.

  bug description:

  In function "_create_instance" in nova/compute/api.py, the quota is
  checked via calling "quota.allowed_instances." The nova.instances db
  is checked at this time and is updated later when the newly created VM
  is scheduled onto a compute host. If there are concurrent VM creation
  requests, then the total number of VMs can exceed the quota, because
  at the time of checking, the VMs being created are not counted.

  example:
  (assume that the API rate limit is disabled in /etc/nova/api-paste.ini so that a high number of VM creation requests can be processed concurrently.)

  With a default quota limit of 10 VMs, we tried to create 20 VMs
  concurrently and all requests succeeded.

  Injecting a print statement into the function "allowed_instances" in
  nova/quota.py, we obtained the following in log file nova/api.log
  related to the values of two local variables "allowed_instances" and
  "used_instances" at the time of quota checking for each VM creation.

  allowed_instances=10, used_instances=0
  allowed_instances=10, used_instances=0
  allowed_instances=10, used_instances=0
  allowed_instances=10, used_instances=0
  allowed_instances=10, used_instances=0
  allowed_instances=10, used_instances=0
  allowed_instances=10, used_instances=0
  allowed_instances=10, used_instances=0
  allowed_instances=9, used_instances=1
  allowed_instances=8, used_instances=2
  allowed_instances=8, used_instances=2
  allowed_instances=4, used_instances=6
  allowed_instances=3, used_instances=7
  allowed_instances=2, used_instances=8
  allowed_instances=2, used_instances=8
  allowed_instances=2, used_instances=8
  allowed_instances=2, used_instances=8
  allowed_instances=2, used_instances=8
  allowed_instances=2, used_instances=8
  allowed_instances=2, used_instances=8

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1154661/+subscriptions