[ops][nova][victoria] Power State = Suspended?
Sean Mooney
smooney at redhat.com
Mon Jan 24 13:48:53 UTC 2022
On Mon, 2022-01-24 at 13:44 +0000, Sean Mooney wrote:
> On Mon, 2022-01-24 at 10:59 +0100, Christian Rohmann wrote:
> > Hey Mohammed,
> >
> >
> > thanks for the input!
> >
> > On 21/01/2022 12:48, Mohammed Naser wrote:
> > > Sorry to hijack such an old thread. Looking into these features, I was
> > > just wondering if it was possible to:
> > >
> > >
> > > 1) Disable the support for pause / suspend altogether and not
> > > allow anyone to place instances in such states?
> > >
> > > you can use policy to disable suspending vms via the api
> >
> > Good point, thanks.
> >
> >
> > > 2) Change the storage location of the saved guest RAM to a
> > > shared storage to allow the instance to be migrated while being
> > > suspended/paused. As far as I can see currently this data is saved
> > > on the host disk.
> > >
> > > you can mount the path where things get saved at where ever you want
> > > (I think it’s somewhere inside /var/lib/nova/instances)
> >
> >
> > That's true, but this would require some multi-mountable shared storage
> > like CephFS or some NFS to remove the dependency from a single node.
> > It's not like Nova would store this data as e.g. a RBD image in Ceph via
> > some config option, right?
>
> the instance state dir contence no.
> so wehn you use the rbd images backend and you suspend the ram is saved to disk on the local system
> i could see adding a feature to nova to poteally upload that as an addtional rbd image to ceph.
> or maybe store it itn swift or something like that but nova cannot do it today.
>
> you could certenly put the instance state dir on a cephfs share or nfs
> we dont realy like dealing with shared storage for the state dir but the generic code we have for nfs
> should work with cephfs. just be aware de dont currently test that but i dont see why we could not
> extned the ceph job to mount /var/lib/nova on cephfs to get coverage in the ci.
>
>
> in the short term i agree that using a cephfs mount is likely the best way to avoid the guest ram from beign stored
> on the comptue node disk. in terms fo disabling suspend the simplelst way to do that is to alter the policy.json
> and make that either admin only or preferably require a new role then just dont give that role to your tenants.
the polices in question are defined here
https://github.com/openstack/nova/blob/master/nova/policies/suspend_server.py
so you woudl override os_compute_api:os-suspend-server:suspend
with check_str='is_admin:True' or check_str='project_id:%(project_id)s and role:suspend'
it really depends on if you want to still allow suspend for some user or just admins
if you want to block even admins then set check_str='!'
that will alwasys reject the request.
>
> >
> >
> >
> > Regards
> >
> >
> > Christian
> >
> >
>
More information about the openstack-discuss
mailing list