Comment 12 for bug 1969643

Edward Hope-Morley (hopem) wrote :

Thanks @mfo, I think your two concerns are valid. This patch does create the risk that a user, in deleting a single volume, could overwhelm the Ceph cluster. It is not uncommon for production Ceph clusters to be reasonably full, and with this patch, if you happen to delete a large volume that has a large number of clones, it could tip your cluster usage over the edge without any warning. I feel somewhat that what the patch is addressing is more an issue of convenience than a bug, and while it is nice to be leveraging the trash feature of rbd v2, I think that to make this patch really safe some guardrails should be put in place. I would recommend at least having a (configurable) limit to the number of clones a volume is allowed to have (and perhaps taking into account size) in order for auto-flattening to be allowed.

To Mauricio's second point, given that in order to implement this properly you need to also consider how and when your trashed images are deleted, it might have been safer to make this an optional feature, defaulting to disabled so that the necessary pre-requisites/changes can be put in place before it is enabled.

I am therefore not hugely in favour of backporting this patch as-is, and perhaps if we can focus on addressing some of the safety concerns raised we could reconsider it later.