Shelved instance image/snapshot is not protected from deletion
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Opinion
|
Wishlist
|
Unassigned |
Bug Description
When shelving an instance with nova storage (instead of boot from volume), a glance snapshot of the VM is created before it is shelved.
The user is free to delete this snapshot with no warning, indication or error that the snapshot is needed by the shelved instance other than the name (being VMNAME-shelved).
Shelved images should be protected from deletion, ideally by indicating they are in use by the shelved instance or at the very least we could set (and perhaps not allow unsetting) the 'protected' flag.
This results in data loss when the user inadvertently deletes the snapshot, not realizing it is required for the shelved instance. While it's technically user-induced and not spontaneous, a reasonable user would expect a warning or indication in such a case.
This bug probably crosses over into glance rather than just nova, however, nova would likely need to at least partially orchestrate such a protection, so I am filing the bug against nova initially.
== Steps to reproduce ==
(1) openstack server create --flavor m1.small --image xenial --network tenant --wait test-a
(2) openstack shelve test-a # wait
(3) openstack image delete test-a-shelved --wait # Received: NO ERROR, Expected: ERROR
(4) openstack server unshelve test-a # ERROR (cannot find image)
tags: | added: shelve |
Hmm, this is an interesting point. Setting the protected=true flag on the image seems like a good solution, except I don't see any kind of force delete option for images. Would a user be able to change the protected value from true to false if they really knew what they were doing and wanted to delete the snapshot image? It's unclear to me from reading the docs on updating an image and the image schema:
https:/ /developer. openstack. org/api- ref/image/ v2/index. html#update- image
https:/ /developer. openstack. org/api- ref/image/ v2/index. html#show- image-schema
This should probably be discussed on the mailing list to get wider input as this would also be an API behavior change for shelve.