[dev][nova][glance] Interesting bug about deleting shelved server snapshot
Matt Riedemann
mriedemos at gmail.com
Thu Dec 6 12:45:55 UTC 2018
I came across this bug during triage today:
https://bugs.launchpad.net/nova/+bug/1807110
They are advocating that nova/glance somehow keep a shelved server
snapshot image from being inadvertently deleted by the user since it
could result in data loss as they can't unshelve the server later (there
is metadata in nova that links the shelved server to the snapshot image
in glance which is used during unshelve).
I don't see a base description field on images but I suppose nova could
write a description property that explains what the snapshot is and warn
against deleting it.
Going a step further, nova could potentially set the protected flag to
true so the image cannot be deleted, but I have two concerns about that:
1. I don't see any way to force delete a protected image in glance -
does that exist or has it been discussed before?
2. Would the user be able to PATCH the image to change the protected
value to false and then delete the image if they really wanted to?
The other problem with nova marking the image as protected is that if
the user deletes the server, the compute API tries to delete the
snapshot image [1] which would fail if it's still protected, and then we
could see snapshot images getting orphaned in glance. Arguably nova
could detect this situation, update the protected field to false, and
then delete the image.
Other thoughts? Has this come up before?
[1]
https://github.com/openstack/nova/blob/c9dca64fa64005e5bea327f06a7a3f4821ab72b1/nova/compute/api.py#L1950
--
Thanks,
Matt
More information about the openstack-discuss
mailing list