yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #14138
[Bug 1316137] [NEW] glance --location images handling is hiding HTTP errors and uses incorrect HTTP codes...
Public bug reported:
1) Glance is hiding error messages when used with --location. If the URL
returns HTTP 404, glance is just ignoring it.
2) Reply to GET request to http://CENSORED:9292/v1/images/2e34a168-62ca-
412d-84bb-852fcaf2a391 contains header:
location: http://CENSORED:9292/v1/images/2e34a168-62ca-412d-84bb-
852fcaf2a391
which is referring the same URL. This feels weird.
3) It also replies with HTTP 200 in the case above, so why does the reply contain the "location" header?
How can it reply 200 when it couldn't have succeed to download the image?
[root@cloudimg ~(keystone_admin)]# glance image-create --location http://www.google.com/glance_handles_404_and_other_errors_incorrectly.html --is-public False --container-format bare --disk-format qcow2 --name 404.html; echo "exit code: $?"
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | None |
| container_format | bare |
| created_at | 2014-05-05T12:42:17 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | 2e34a168-62ca-412d-84bb-852fcaf2a391 |
| is_public | False |
| min_disk | 0 |
| min_ram | 0 |
| name | 404.html |
| owner | 56be9abf0ca24193908472465157112f |
| protected | False |
| size | 0 |
| status | active |
| updated_at | 2014-05-05T12:42:17 |
+------------------+--------------------------------------+
exit code: 0
[root@cloudimg ~(keystone_admin)]# glance --debug image-download --file 404.html 404.html; echo "exit code: $?"
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
curl -i -X GET -H 'X-Auth-Token: MIIO3wYJKoZIhvcNAQcCoIIO0DC...EcKIsfbUbm5A74Gg==' -H 'Content-Type: application/json' -H 'User-Agent: python-glanceclient' http://CENSORED:9292/v1/images/detail?limit=20&name=404.html
HTTP/1.1 200 OK
date: Mon, 05 May 2014 12:44:06 GMT
content-length: 425
content-type: application/json; charset=UTF-8
x-openstack-request-id: req-d1bb2f3a-31ea-4da8-b1a5-e8a021f6e122
{"images": [{"status": "active", "name": "404.html", "deleted": false,
"container_format": "bare", "created_at": "2014-05-05T12:42:17",
"disk_format": "qcow2", "updated_at": "2014-05-05T12:42:17", "min_disk":
0, "protected": false, "id": "2e34a168-62ca-412d-84bb-852fcaf2a391",
"min_ram": 0, "checksum": null, "owner":
"56be9abf0ca24193908472465157112f", "is_public": false, "deleted_at":
null, "properties": {}, "size": 0}]}
curl -i -X GET -H 'X-Auth-Token:
MIIO3wYJKoZIhvcNAQcCo...EcKIsfbUbm5A74Gg==' -H 'Content-Type:
application/octet-stream' -H 'User-Agent: python-glanceclient'
http://CENSORED:9292/v1/images/2e34a168-62ca-412d-84bb-852fcaf2a391
HTTP/1.1 200 OK
content-length: 0
x-image-meta-id: 2e34a168-62ca-412d-84bb-852fcaf2a391
date: Mon, 05 May 2014 12:44:07 GMT
x-image-meta-deleted: False
x-image-meta-container_format: bare
x-image-meta-protected: False
x-image-meta-min_disk: 0
x-image-meta-created_at: 2014-05-05T12:42:17
x-image-meta-size: 0
x-image-meta-status: active
location: http://CENSORED:9292/v1/images/2e34a168-62ca-412d-84bb-852fcaf2a391
x-image-meta-is_public: False
x-image-meta-min_ram: 0
x-image-meta-owner: 56be9abf0ca24193908472465157112f
x-image-meta-updated_at: 2014-05-05T12:42:17
content-type: application/octet-stream
x-openstack-request-id: req-7796b7dc-476a-477d-a480-6025c874ab0e
x-image-meta-disk_format: qcow2
x-image-meta-name: 404.html
exit code: 0
[root@cloudimg ~(keystone_admin)]# hexdump 404.html -C
[root@cloudimg ~(keystone_admin)]#
[root@cloudimg ~(keystone_admin)]# du 404.html
0 404.html
Note there is no ERROR nor WARNING in the log. I am quite OK with that,
but the end user should be notified with ERRORs when the glance image-
download fails.
** Affects: glance
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1316137
Title:
glance --location images handling is hiding HTTP errors and uses
incorrect HTTP codes...
Status in OpenStack Image Registry and Delivery Service (Glance):
New
Bug description:
1) Glance is hiding error messages when used with --location. If the
URL returns HTTP 404, glance is just ignoring it.
2) Reply to GET request to http://CENSORED:9292/v1/images/2e34a168
-62ca-412d-84bb-852fcaf2a391 contains header:
location: http://CENSORED:9292/v1/images/2e34a168-62ca-412d-84bb-
852fcaf2a391
which is referring the same URL. This feels weird.
3) It also replies with HTTP 200 in the case above, so why does the reply contain the "location" header?
How can it reply 200 when it couldn't have succeed to download the image?
[root@cloudimg ~(keystone_admin)]# glance image-create --location http://www.google.com/glance_handles_404_and_other_errors_incorrectly.html --is-public False --container-format bare --disk-format qcow2 --name 404.html; echo "exit code: $?"
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | None |
| container_format | bare |
| created_at | 2014-05-05T12:42:17 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | 2e34a168-62ca-412d-84bb-852fcaf2a391 |
| is_public | False |
| min_disk | 0 |
| min_ram | 0 |
| name | 404.html |
| owner | 56be9abf0ca24193908472465157112f |
| protected | False |
| size | 0 |
| status | active |
| updated_at | 2014-05-05T12:42:17 |
+------------------+--------------------------------------+
exit code: 0
[root@cloudimg ~(keystone_admin)]# glance --debug image-download --file 404.html 404.html; echo "exit code: $?"
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
curl -i -X GET -H 'X-Auth-Token: MIIO3wYJKoZIhvcNAQcCoIIO0DC...EcKIsfbUbm5A74Gg==' -H 'Content-Type: application/json' -H 'User-Agent: python-glanceclient' http://CENSORED:9292/v1/images/detail?limit=20&name=404.html
HTTP/1.1 200 OK
date: Mon, 05 May 2014 12:44:06 GMT
content-length: 425
content-type: application/json; charset=UTF-8
x-openstack-request-id: req-d1bb2f3a-31ea-4da8-b1a5-e8a021f6e122
{"images": [{"status": "active", "name": "404.html", "deleted": false,
"container_format": "bare", "created_at": "2014-05-05T12:42:17",
"disk_format": "qcow2", "updated_at": "2014-05-05T12:42:17",
"min_disk": 0, "protected": false, "id": "2e34a168-62ca-412d-84bb-
852fcaf2a391", "min_ram": 0, "checksum": null, "owner":
"56be9abf0ca24193908472465157112f", "is_public": false, "deleted_at":
null, "properties": {}, "size": 0}]}
curl -i -X GET -H 'X-Auth-Token:
MIIO3wYJKoZIhvcNAQcCo...EcKIsfbUbm5A74Gg==' -H 'Content-Type:
application/octet-stream' -H 'User-Agent: python-glanceclient'
http://CENSORED:9292/v1/images/2e34a168-62ca-412d-84bb-852fcaf2a391
HTTP/1.1 200 OK
content-length: 0
x-image-meta-id: 2e34a168-62ca-412d-84bb-852fcaf2a391
date: Mon, 05 May 2014 12:44:07 GMT
x-image-meta-deleted: False
x-image-meta-container_format: bare
x-image-meta-protected: False
x-image-meta-min_disk: 0
x-image-meta-created_at: 2014-05-05T12:42:17
x-image-meta-size: 0
x-image-meta-status: active
location: http://CENSORED:9292/v1/images/2e34a168-62ca-412d-84bb-852fcaf2a391
x-image-meta-is_public: False
x-image-meta-min_ram: 0
x-image-meta-owner: 56be9abf0ca24193908472465157112f
x-image-meta-updated_at: 2014-05-05T12:42:17
content-type: application/octet-stream
x-openstack-request-id: req-7796b7dc-476a-477d-a480-6025c874ab0e
x-image-meta-disk_format: qcow2
x-image-meta-name: 404.html
exit code: 0
[root@cloudimg ~(keystone_admin)]# hexdump 404.html -C
[root@cloudimg ~(keystone_admin)]#
[root@cloudimg ~(keystone_admin)]# du 404.html
0 404.html
Note there is no ERROR nor WARNING in the log. I am quite OK with
that, but the end user should be notified with ERRORs when the glance
image-download fails.
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1316137/+subscriptions
Follow ups
References
