OpenStack Error Guide: '413 Request Entity Too Large' — Fix Glance Image Upload Rejection
Fix Glance '413 Request Entity Too Large' image upload errors: diagnose image_size_cap, per-user storage quota, HAProxy/proxy body-size limits, and store capacity in Kolla-Ansible OpenStack.
- #openstack
- #troubleshooting
- #errors
- #glance
Fixing errors like this? Get 500 free DevOps AI prompts
500 copy-paste AI prompts for the stack you actually run — one PDF, free.
Overview
413 Request Entity Too Large is the HTTP error a Glance image upload returns when some layer in the path decides the image is bigger than an allowed limit and refuses it. The limit can be Glance’s own image_size_cap, a per-user storage quota, or — commonly — an HAProxy/reverse-proxy request-body cap in front of the API that rejects the transfer before Glance even sees it all.
The literal errors you will see:
413 Request Entity Too Large: The body of your request was too large for this server to process.
HTTPException: 413 Request Entity Too Large
Image size caps at 1073741824 bytes and the supplied image is 5368709120 bytes.
It occurs during glance image-create/openstack image create --file ... when uploading image data. The tell is that small images upload fine while large ones fail at a consistent size threshold — pointing at a configured cap rather than a store outage.
Symptoms
- Large image uploads fail with
413; small ones succeed. - The image lands in
queued(neveractive) or is deleted after the failed upload. - The failure is reproducible at the same size boundary.
openstack image create --file big.qcow2 --disk-format qcow2 --container-format bare big-image
HTTP 413 Request Entity Too Large
docker logs glance_api 2>&1 | grep -iE "413|too large|image_size_cap|quota" | tail -5
WARNING glance.api ... 413 Request Entity Too Large: Denying attempt to upload image larger than image_size_cap
Common Root Causes
1. Glance image_size_cap too low
Glance enforces a maximum image size; uploads above it are rejected with 413.
docker exec glance_api grep -E '^image_size_cap' /etc/glance/glance-api.conf
image_size_cap = 1073741824
1073741824 is 1 GiB — any larger image is denied. If the log names image_size_cap, this is the cause.
2. Per-user storage quota exceeded
Glance’s user_storage_quota limits total bytes a user may store; exceeding it returns 413.
docker exec glance_api grep -E '^user_storage_quota' /etc/glance/glance-api.conf
openstack image list --property owner=<project-id> -f value -c Name -c Size 2>/dev/null | head
user_storage_quota = 10737418240
If the user’s existing images plus the new one exceed the quota, the upload is refused.
3. HAProxy / reverse-proxy body-size limit
A proxy in front of Glance may cap request body size and return 413 before Glance processes the stream — this is often the surprising real cause.
docker exec haproxy grep -iE 'timeout|maxconn' /etc/haproxy/haproxy.cfg | head
docker logs glance_api 2>&1 | grep -c 413 # if 0 but client got 413, suspect the proxy
# glance_api logged zero 413s but the client saw 413 -> the proxy rejected it
If Glance itself never logs the 413, the proxy or an upstream gateway rejected the body.
4. Web server / WSGI request-size limit
When Glance runs behind Apache/mod_wsgi or a uwsgi front, LimitRequestBody or buffer limits can trigger 413.
docker exec glance_api grep -riE 'LimitRequestBody|client_max_body_size|buffer-size' \
/etc/glance/ /etc/httpd/ 2>/dev/null | head
LimitRequestBody 2147483648
5. Store out of space (surfaced as a size error)
A full backend store can cause the API to reject large writes; check store capacity when 413 correlates with a nearly-full store.
docker exec glance_api grep -E 'filesystem_store_datadir|^stores|default_backend' \
/etc/glance/glance-api.conf
df -h /var/lib/glance/images 2>/dev/null
/dev/mapper/glance 100G 100G 0 100% /var/lib/glance/images
Diagnostic Workflow
Step 1: Determine whether Glance or the proxy returned the 413
docker logs glance_api 2>&1 | grep -c 413
Zero here while the client saw 413 means a proxy/web-server limit; a non-zero count means Glance’s own cap or quota.
Step 2: Read Glance’s configured caps
docker exec glance_api grep -E '^image_size_cap|^user_storage_quota' /etc/glance/glance-api.conf
Step 3: Compare the image size to the cap
ls -l big.qcow2 # bytes
# compare against image_size_cap (bytes)
Step 4: Check the proxy body limits
docker exec haproxy grep -iE 'timeout|maxconn' /etc/haproxy/haproxy.cfg
docker exec glance_api grep -riE 'LimitRequestBody|client_max_body_size' /etc/ 2>/dev/null
Step 5: Verify store capacity
df -h /var/lib/glance/images 2>/dev/null
docker exec glance_api grep -E 'default_backend|stores' /etc/glance/glance-api.conf
Example Root Cause Analysis
A team uploading a 5 GiB appliance image gets 413 Request Entity Too Large, while their 800 MiB base images upload fine. The operator first checks whether Glance logged the rejection:
docker logs glance_api 2>&1 | grep 413 | tail -3
WARNING glance.api ... Denying attempt to upload image larger than image_size_cap (1073741824 bytes)
Glance itself rejected it, and the message names image_size_cap. The config confirms the 1 GiB cap:
docker exec glance_api grep '^image_size_cap' /etc/glance/glance-api.conf
image_size_cap = 1073741824
The cap was left at a conservative default. The fix is to raise it to a value that fits the organization’s largest legitimate image (with headroom), via Kolla config override, then reconfigure and retry:
# set image_size_cap = 21474836480 (20 GiB) in the glance-api config override, then:
kolla-ansible reconfigure -t glance
docker exec glance_api grep '^image_size_cap' /etc/glance/glance-api.conf
openstack image create --file big.qcow2 --disk-format qcow2 --container-format bare big-image
image_size_cap = 21474836480
| status | active |
Before raising the cap, confirm the store and user_storage_quota have room for images that large. Longer term, document a sanctioned maximum image size and align the cap, quota, and any proxy body limits to it.
Prevention Best Practices
- Set
image_size_capdeliberately to your largest sanctioned image plus headroom — not the default — and document the value. - Keep
user_storage_quota, the store capacity, andimage_size_capconsistent so a permitted-size upload can’t fail on quota or disk. - Align any HAProxy/reverse-proxy and web-server body-size limits with
image_size_cap; a proxy 413 is invisible in Glance logs and confuses triage. - Monitor the Glance store’s free space and alert before it fills, since a full store can surface as upload rejections.
- Prefer image import via the web-download/
copy-imageflows for very large images to avoid streaming huge bodies through the API and proxy. - When triaging, always first check whether Glance logged the 413 or the proxy did — it changes which limit you raise.
- Paste the upload error and config into the free incident assistant to pinpoint which layer set the cap, and see more OpenStack guides.
Quick Command Reference
# Did Glance or the proxy return the 413?
docker logs glance_api 2>&1 | grep -c 413
# Glance caps and quota
docker exec glance_api grep -E '^image_size_cap|^user_storage_quota' /etc/glance/glance-api.conf
# Image size vs cap
ls -l big.qcow2
# Proxy / web-server body limits
docker exec haproxy grep -iE 'timeout|maxconn' /etc/haproxy/haproxy.cfg
docker exec glance_api grep -riE 'LimitRequestBody|client_max_body_size' /etc/ 2>/dev/null
# Store capacity
df -h /var/lib/glance/images 2>/dev/null
docker exec glance_api grep -E 'default_backend|stores' /etc/glance/glance-api.conf
# Apply a new cap (after config override)
kolla-ansible reconfigure -t glance
Conclusion
413 Request Entity Too Large on a Glance upload means some layer decided the image exceeds an allowed size. The reproducible size boundary is the diagnostic signature. Typical root causes:
image_size_capset too low for the image.- The user’s
user_storage_quotais exceeded. - An HAProxy/reverse-proxy request-body limit rejecting the transfer before Glance.
- A web-server/WSGI
LimitRequestBodycap. - A full backend store surfacing as a size rejection.
Check whether Glance itself logged the 413 first: if it did, raise image_size_cap/quota after confirming store capacity; if it didn’t, the limit lives in the proxy or web server in front of the API.
Get 500 Battle-Tested DevOps AI Prompts — Free
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.