yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1807110] [NEW] Shelved instance image/snapshot is not protected from deletion

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Trent Lloyd <trent.lloyd@xxxxxxxxxxxxx>
Date: Thu, 06 Dec 2018 08:34:26 -0000
Reply-to: Bug 1807110 <1807110@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

When shelving an instance with nova storage (instead of boot from
volume), a glance snapshot of the VM is created before it is shelved.

The user is free to delete this snapshot with no warning, indication or
error that the snapshot is needed by the shelved instance other than the
name (being VMNAME-shelved).

Shelved images should be protected from deletion, ideally by indicating
they are in use by the shelved instance or at the very least we could
set (and perhaps not allow unsetting) the 'protected' flag.

This results in data loss when the user inadvertently deletes the
snapshot, not realizing it is required for the shelved instance. While
it's technically user-induced and not spontaneous, a reasonable user
would expect a warning or indication in such a case.

This bug probably crosses over into glance rather than just nova,
however, nova would likely need to at least partially orchestrate such a
protection, so I am filing the bug against nova initially.

== Steps to reproduce ==
 (1) openstack server create --flavor m1.small --image xenial --network tenant --wait test-a
 (2) openstack shelve test-a # wait
 (3) openstack image delete test-a-shelved --wait # Received: NO ERROR, Expected: ERROR
 (4) openstack server unshelve test-a # ERROR (cannot find image)

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1807110

Title:
  Shelved instance image/snapshot is not protected from deletion

Status in OpenStack Compute (nova):
  New

Bug description:
  When shelving an instance with nova storage (instead of boot from
  volume), a glance snapshot of the VM is created before it is shelved.

  The user is free to delete this snapshot with no warning, indication
  or error that the snapshot is needed by the shelved instance other
  than the name (being VMNAME-shelved).

  Shelved images should be protected from deletion, ideally by
  indicating they are in use by the shelved instance or at the very
  least we could set (and perhaps not allow unsetting) the 'protected'
  flag.

  This results in data loss when the user inadvertently deletes the
  snapshot, not realizing it is required for the shelved instance. While
  it's technically user-induced and not spontaneous, a reasonable user
  would expect a warning or indication in such a case.

  This bug probably crosses over into glance rather than just nova,
  however, nova would likely need to at least partially orchestrate such
  a protection, so I am filing the bug against nova initially.

  == Steps to reproduce ==
   (1) openstack server create --flavor m1.small --image xenial --network tenant --wait test-a
   (2) openstack shelve test-a # wait
   (3) openstack image delete test-a-shelved --wait # Received: NO ERROR, Expected: ERROR
   (4) openstack server unshelve test-a # ERROR (cannot find image)

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1807110/+subscriptions

Follow ups

[Bug 1807110] Re: Shelved instance image/snapshot is not protected from deletion
From: Matt Riedemann, 2018-12-06