cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rafael Weingärtner (JIRA) <>
Subject [jira] [Commented] (CLOUDSTACK-9338) listAccount returns 0 for cputotal and memorytotal if VMs are using a ComputeOffering with custom=enabled
Date Thu, 01 Feb 2018 12:23:00 GMT


Rafael Weingärtner commented on CLOUDSTACK-9338:

I managed to find and reproduce the problem and test some different scenarios. My first experiment
was misleading. I mean, ACS is indeed accounting the resources properly when deploying VMs
with custom service offerings. However, there are other methods (such as updateResourceCount)
that do not execute the resource accounting properly, and these methods update the resource
count for an account in the database. Therefore, if a user deploys VMs with custom service
offerings, and later this user calls the “updateResourceCount” method, it (the method)
will only account for VMs with normal service offerings, and update this as the number of
resources used by the account. This will result in a smaller number of resources to be accounted
for the given account than the real used value. The problem becomes worse because if the user
starts to delete these VMs, it is possible to reach negative values of resources allocated
(breaking all of the resource limiting for accounts). This is a very serious attack vector
for public cloud providers!

> listAccount returns 0 for cputotal and memorytotal if VMs are using a ComputeOffering
with custom=enabled
> ---------------------------------------------------------------------------------------------------------
>                 Key: CLOUDSTACK-9338
>                 URL:
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: API, Cloudmonkey, UI
>    Affects Versions: 4.5.2, 4.8.0
>         Environment: CloudStack 4.5.1
> MariaDB 10.0 and 10.1
>            Reporter: Francois Scheurer
>            Assignee: Rafael Weingärtner
>            Priority: Major
> listAccount on a domain returns 0 for cputotal and memorytotal if the domain accounts
own VMs using a ComputeOffering with custom=enabled.
> Basically, looking into the vm_instance table you get the service_offering_id and in
the service_offering table you find normally the amount of CPU/RAM allocated for the VM.
> But if your VM's ComputeOffering has custom=enabled, then you need to get the specific
CPU/RAM values from the user_vm_details table:
> mysql> select * from user_vm_details WHERE vm_id=957;
> Apparently the listAccount code is not doing that and it just returns zero, because the
service_offering table has cpu=0 and ram_size=0 for ComputeOfferings with custom=enabled.
> solution: the SQL query of listAccount should also look in the user_vm_details table
for matching rows. (instead of just querying in the service_offering table)

This message was sent by Atlassian JIRA

View raw message