yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1733289] Re: Image data stays in store (filesystem store) if image is deleted after staging call

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1733289@xxxxxxxxxxxxxxxxxx>
Date: Thu, 08 Feb 2018 19:47:36 -0000
Reply-to: Bug 1733289 <1733289@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/523029
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=7eb2fcc865e56cc81f287beb71d6c320dc2f336d
Submitter: Zuul
Branch:    master

commit 7eb2fcc865e56cc81f287beb71d6c320dc2f336d
Author: Abhishek Kekane <akekane@xxxxxxxxxx>
Date:   Mon Nov 27 06:36:09 2017 +0000

    Delete data if image is deleted after staging call
    
    Trying to delete image after staging call image gets deleted
    from the database, but image data remains in the
    staging area.
    
    Deleted image data from the staging area if image_import is
    enabled and image is in uploading state while deleting.
    
    Closes-Bug: #1733289
    Change-Id: I6ef1c05760a27a0b3620024003b49328c55f19a6


** Changed in: glance
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1733289

Title:
  Image data stays in store (filesystem store) if image is deleted after
  staging call

Status in Glance:
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  Trying to delete image after staging call image gets deleted from the
  database, but image data remains in the backend ('/tmp/staging'
  directory).

  NOTE: This issue will occur only if image-import is enabled in the
  deployment i.e. 'enable_image_import' is set to True in glance-
  api.conf

  Steps to reproduce:
  1. Create image
     $ glance image-create --container-format ami --disk-format ami --name test_image
  2. Add image to staging area using stage call
     $ glance image-stage <IMAGE_ID>
  3. Verify that image is uploaded to staging area i.e. in '/tmp/staging' area
     $ ls -la /tmp/staging/<IMAGE_ID>
     Output: -rw-r--r--. 1 centos centos 313 Nov 20 09:05 /tmp/staging/<IMAGE_ID>
  4. Delete the image
     $ glance image-delete <IMAGE_ID>
  5. Verify image-list does not show deleted image
     $ glance image-list
  6. Verify that image is still present in staging area i.e. in '/tmp/staging' area
     $ ls -la /tmp/staging/<IMAGE_ID>
     Output: -rw-r--r--. 1 centos centos 313 Nov 20 09:05 /tmp/staging/<IMAGE_ID>

  Image gets deleted from the database but image data presents in the
  staging area i.e. in '/tmp/staging' directory.

  Actually after deleting the image after staging call it should be
  cleared from staging area as well.

  Attack scenario here is to create/stage/delete a lot of large size
  images using DoS the temporary image backend by filling it up.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1733289/+subscriptions