[openstack-dev] [nova] locked instances and snaphot

Ahmed RAHAL arahal at iweb.com
Wed Jun 18 00:21:05 UTC 2014


Hi there,

Le 2014-06-16 15:28, melanie witt a écrit :
> Hi all,
>
[...]
>
> During the patch review, a reviewer raised a concern about the
> purpose of instance locking and whether prevention of snapshot while
> an instance is locked is appropriate. From what we understand,
> instance lock is meant to prevent unwanted modification of an
> instance. Is snapshotting considered a logical modification of an
> instance? That is, if an instance is locked to a user, they take a
> snapshot, create another instance using that snapshot, and modify the
> instance, have they essentially modified the original locked
> instance?
>
> I wanted to get input from the ML on whether it makes sense to
> disallow snapshot an instance is locked.

Beyond 'preventing accidental change to the instance', locking could be 
seen as 'preventing any operation' to the instance.
If I, as a user, lock an instance, it certainly only prevents me from 
accidentally deleting the VM. As I can unlock whenever I need to, there 
seems to be no other use case (chmod-like).
If I, as an admin, lock an instance, I am preventing operations on a VM 
and am preventing an ordinary user from overriding the lock.

This is a form of authority enforcing that maybe should prevent even 
snapshots to be taken off that VM. The thing is that enforcing this 
beyond the limits of nova is AFAIK not there, so cloning/snapshotting 
cinder volumes will still be feasible.
Enforcing it only in nova as a kind of 'security feature' may become 
misleading.

The more I think about it, the more I get to think that locking is just 
there to avoid mistakes, not voluntary misbehaviour.

-- 

Ahmed



More information about the OpenStack-dev mailing list