On 05/06/2013 12:03 PM, Andy Hill wrote:
> Greetings,
>
> I wanted to open a discussion on how Nova can prevent users and
> administrators from accidental instance deletion.
>
> https://blueprints.launchpad.net/nova/+spec/ability-to-set-disable-terminate
>
> Russell brought up a good point on this blueprint that there's already
> 'nova lock', but it looks like a locked instance can still be deleted by
> an administrator.
>
> Compute's API already implements disable_terminate, but there's no way
> to set it via Nova API.
>
> https://github.com/openstack/nova/blob/master/nova/compute/api.py#L1038
>
> There could be two ways to go about implementing disable_terminate:
>
> - nova lock <uuid> --disable_terminate could set disable_terminate on
>   the instance (admin only)
> - nova disable_terminate <uuid>

There was another patch that didn't get finished to keep track of *who*
locked an instance (user or admin). If an admin locked an instance, then
the user would not be able to unlock it. How about finishing that, and
then making sure that if an admin locks an instance, it can't be deleted?

https://blueprints.launchpad.net/nova/+spec/mandatory-vm-lock
https://review.openstack.org/#/c/21535/

Other than an instance being administratively locked, I don't think it
makes sense to ever prevent an *admin* from deleting an instance. It's
like having root ... use it with care. :-)

-- 
Russell Bryant