[openstack-dev] Resources owned by a project/tenant are not cleaned up after that project is deleted from keystone
Matt Riedemann
mriedem at linux.vnet.ibm.com
Mon Feb 2 17:53:49 UTC 2015
On 2/2/2015 11:46 AM, Matt Riedemann wrote:
> This came up in the operators mailing list back in June [1] but given
> the subject probably didn't get much attention.
>
> Basically there is a really old bug [2] from Grizzly that is still a
> problem and affects multiple projects. A tenant can be deleted in
> Keystone even though other resources in other projects are under that
> project, and those resources aren't cleaned up.
>
> Keystone implemented event notifications back in Havana [3] but the
> other projects aren't listening on them to know when a project has been
> deleted and act accordingly.
>
> The bug has several people saying "we should talk about this at the
> summit" for several summits, but I can't find any discussion or summit
> sessions related back to the bug.
>
> Given this is an operations and cross-project issue, I'd like to bring
> it up again for the Vancouver summit if there is still interest (which
> I'm assuming there is from operators).
>
> There is a blueprint specifically for the tenant deletion case but it's
> targeted at only Horizon [4].
>
> Is anyone still working on this? Is there sufficient interest in a
> cross-project session at the L summit?
>
> Thinking out loud, even if nova doesn't listen to events from keystone,
> we could at least have a periodic task that looks for instances where
> the tenant no longer exists in keystone and then take some action (log a
> warning, shutdown/archive/, reap, etc).
>
> There is also a spec for L to transfer instance ownership [5] which
> could maybe come into play, but I wouldn't depend on it.
>
> [1]
> http://lists.openstack.org/pipermail/openstack-operators/2014-June/004559.html
>
> [2] https://bugs.launchpad.net/nova/+bug/967832
> [3] https://blueprints.launchpad.net/keystone/+spec/notifications
> [4] https://blueprints.launchpad.net/horizon/+spec/tenant-deletion
> [5] https://review.openstack.org/#/c/105367/
>
I will apologize ahead of time for saying 'projects' for services like
nova, glance, cinder, etc, while also talking about projects/tenants in
keystone, I realize this is confusing. :)
--
Thanks,
Matt Riedemann
More information about the OpenStack-dev
mailing list