On Thu, Dec 6, 2018 at 2:50 PM Matt Riedemann <mriedemos@gmail.com> wrote:
On 12/6/2018 8:14 AM, Sean Mooney wrote:
2. Would the user be able to PATCH the image to change the protected value to false and then delete the image if they really wanted to? would they need too? if they wanted to delete the snapshot could thye not just delete the shelved instnace. if the snapshot is goin i assume we will not be able to unshvel it anyway by falling back to the base image or something like that so is there a usecase where deleteing the snap shot leave the shelved instance in a valid unshelvable state? if not i think setting the protected flag is ok to do.
I'm having a hard time understanding what you're saying. Are you saying, the user should delete the protected snapshot via deleting the shelved server? I don't think that's very clear. But yes you can't unshelve the instance if the image is deleted (or if the user does not have access to it, which is a separate bug [1675791]). I think you're just saying, the user shouldn't need to delete the protected shelve snapshot image and if they do, the server should be deleted as well.
yes sorry i did not say that clearly. basically i wanted to say that since the user would break the unshelving of an instance by deleting the snapshot nova created we should prevent them from doing that by setting the protected flag. if they really wanted to still delete the snappshot they should therefor delete the shelved instance which should cause nova to delete the snapshot.
The other problem with nova marking the image as protected is that if the user deletes the server, the compute API tries to delete the snapshot image [1] which would fail if it's still protected, and then we could see snapshot images getting orphaned in glance. Arguably nova could detect this situation, update the protected field to false, and then delete the image. that seams sane to me. if nova set teh protected field when shelving the instance it shold be able to unprotect the snapshot when unshelving.
It's not unshelve, it's delete.
sorry you are correct on deleting the instance i think nova should be able to unprotect the snapshot if the instnace is still shelved. that said there could be issues with this if someone manually booted another instance form the snapshot but im not sure if that would have other issues.
--
Thanks,
Matt