[dev][nova][glance] Interesting bug about deleting shelved server snapshot

Sean Mooney smooney at redhat.com
Thu Dec 6 14:14:16 UTC 2018


On Thu, Dec 6, 2018 at 12:52 PM Matt Riedemann <mriedemos at gmail.com> wrote:
>
> I came across this bug during triage today:
>
> https://bugs.launchpad.net/nova/+bug/1807110
>
> They are advocating that nova/glance somehow keep a shelved server
> snapshot image from being inadvertently deleted by the user since it
> could result in data loss as they can't unshelve the server later (there
> is metadata in nova that links the shelved server to the snapshot image
> in glance which is used during unshelve).
>
> I don't see a base description field on images but I suppose nova could
> write a description property that explains what the snapshot is and warn
> against deleting it.
>
> Going a step further, nova could potentially set the protected flag to
> true so the image cannot be deleted, but I have two concerns about that:
>
> 1. I don't see any way to force delete a protected image in glance -
> does that exist or has it been discussed before?
>
> 2. Would the user be able to PATCH the image to change the protected
> value to false and then delete the image if they really wanted to?
would they need too?
if they wanted to delete the snapshot could thye not just delete the
shelved instnace. if the snapshot is goin i assume we will not be able
to unshvel
it anyway by falling back to the base image or something like that so is
there a usecase where deleteing the snap shot leave the shelved instance in a
valid unshelvable state? if not i think setting the protected flag is ok to do.
>
> The other problem with nova marking the image as protected is that if
> the user deletes the server, the compute API tries to delete the
> snapshot image [1] which would fail if it's still protected, and then we
> could see snapshot images getting orphaned in glance. Arguably nova
> could detect this situation, update the protected field to false, and
> then delete the image.
that seams sane to me. if nova set teh protected field when shelving the
instance it shold be able to unprotect the snapshot when unshelving.
>
> Other thoughts? Has this come up before?
>
> [1]
> https://github.com/openstack/nova/blob/c9dca64fa64005e5bea327f06a7a3f4821ab72b1/nova/compute/api.py#L1950
>
> --
>
> Thanks,
>
> Matt
>



More information about the openstack-discuss mailing list