[dev][nova][glance] Interesting bug about deleting shelved server snapshot

Sean Mooney smooney at redhat.com
Thu Dec 6 15:26:18 UTC 2018


On Thu, Dec 6, 2018 at 2:50 PM Matt Riedemann <mriedemos at gmail.com> wrote:
>
> On 12/6/2018 8:14 AM, Sean Mooney wrote:
> >> 2. Would the user be able to PATCH the image to change the protected
> >> value to false and then delete the image if they really wanted to?
> > would they need too?
> > if they wanted to delete the snapshot could thye not just delete the
> > shelved instnace. if the snapshot is goin i assume we will not be able
> > to unshvel
> > it anyway by falling back to the base image or something like that so is
> > there a usecase where deleteing the snap shot leave the shelved instance in a
> > valid unshelvable state? if not i think setting the protected flag is ok to do.
>
> I'm having a hard time understanding what you're saying. Are you saying,
> the user should delete the protected snapshot via deleting the shelved
> server? I don't think that's very clear. But yes you can't unshelve the
> instance if the image is deleted (or if the user does not have access to
> it, which is a separate bug [1675791]). I think you're just saying, the
> user shouldn't need to delete the protected shelve snapshot image and if
> they do, the server should be deleted as well.

yes sorry i did not say that clearly.

basically i wanted to say that since the user would break the unshelving of
an instance by deleting the snapshot nova created we should prevent them from
doing that by setting the protected flag. if they really wanted to
still delete the snappshot
they should therefor delete the shelved instance which should cause
nova to delete
the snapshot.
>
> >> The other problem with nova marking the image as protected is that if
> >> the user deletes the server, the compute API tries to delete the
> >> snapshot image [1] which would fail if it's still protected, and then we
> >> could see snapshot images getting orphaned in glance. Arguably nova
> >> could detect this situation, update the protected field to false, and
> >> then delete the image.
> > that seams sane to me. if nova set teh protected field when shelving the
> > instance it shold be able to unprotect the snapshot when unshelving.
>
> It's not unshelve, it's delete.
sorry you are correct on deleting the instance
i think nova should be able to unprotect the snapshot if the instnace is still
shelved. that said there could be issues with this if someone manually
booted another
instance form the snapshot but im not sure if that would have other issues.
>
> --
>
> Thanks,
>
> Matt



More information about the openstack-discuss mailing list