Comment 80 for bug 2004555

melanie witt (melwitt) wrote : Re: [ussuri] Wrong volume attachment - volumes overlapping when connected through iscsi on host

> I could be wrong, but option #4 shouldn't work, because the requests from Nova come with the user credentials, not with the nova or glance users.

No, you are right, sorry. For some reason I had been thinking Nova called the attachment delete API with an elevated RequestContext but it doesn't.

So option #4 (if I've not made another mistake!) would have to be instead:

4) Change default Cinder API policy (in the code) to admin-only for DELETE /attachments and terminate_connection APIs and also change the Nova code to use elevated RequestContext when calling the terminate_connection and attachment_delete APIs.

I'm probably missing something but with this option a configuration change would not be needed. It would however obviously allow admins to delete attachments without going through Nova.