[openstack-dev] [nova][quotas] quota accounting for failed resource creation

Eoghan Glynn eglynn at redhat.com
Mon Dec 17 12:33:10 UTC 2012



> > Eoghan Glynn wrote:
> >
> > So the main point here is whether we really want to ensure
> > that quota isn't consumed for failed resource creation
> > attempts?
>
> Vishvananda Ishaya wrote:
> 
> I don't think we do. If something goes into ERROR it should still
> count against quota until it is explicitly deleted by the user.

OK, fair enough if that was a deliberate change in policy when
the nova scheduler run_instance logic was reworked for Folsom.

So if quota consumption for a new instance is no longer contingent
on a suitable host being found by the scheduler, should we also
stop having the quota deltas for an instance resize depend on
it successfully reaching the FINISH state?

Or is there a case for retaining the special quota handling logic
for resize, given the additional complexity involved? (i.e. it
being a two-stage process, with an explicit revert/confirm step).

> Malini Bhandaru wrote:
> 
> Vish's response -- error still counts as quota consumed till deleted
> jives, else it would leave open a way for denial of service by
> requesting error-prone activity,m example, starting up a VM with a
> bad image etc.

Yep, good point about DoS attack vulnerability.

Cheers,
Eoghan



More information about the OpenStack-dev mailing list