API changes to have the ability to set disable_terminate on instances

Registered by Kashi Reddy

This flag (disable_terminate) is used to make sure instances are not deleted by mistake.

As of now we don't have the ability to update it, or to set it during creation.

One main use would be setting this flag so that instances are not wrongly terminated.

This flag could be used by end users too if they want to make sure some servers are not deleted by mistake.

The compute manager already implements disable_terminate functionality on delete, but the flag cannot be set via the Nova API.

Thoughts around the approach:
1) Add a new parameter to the Compute API, with a default value of false.
2) Add the ability to update this field.

Blueprint information

Status: Complete
Approver: Russell Bryant
Priority: Undefined
Drafter: None
Direction: Needs approval
Assignee: Kashi Reddy
Definition: Obsolete
Series goal: None
Implementation: Unknown
Milestone target: None
Completed by: Russell Bryant

Whiteboard

There's already an instance lock. See 'nova help lock'. Is that enough here? --russellb

nova lock still allows deletion from Administrative users. We were hoping to have disable_terminate implemented to further safeguard VMs from inadvertent Admin Deletion. - hillad

discussion started here: http://lists.openstack.org/pipermail/openstack-dev/2013-May/008628.html

souvikb: when we looked at the lock functionality we figured out that lock will restrict all other actions on the server. We only want to restrict delete operation. Hence it may not be appropriate for this case.

So current approach taken is as follows:
- Create a new extension called disable-terminate to extend functionality of server create and update core functionality
- During server creation and during server update, check whether the extension is loaded
- If the extension is loaded, then read the disable terminate flag from the request if it exists. The default value is false
- Update the disable_terminate field in instances table based on the request
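
A simplified Python model of the approach listed above, set beside the lock behaviour described earlier on this whiteboard. This is an added example, not Nova code or code from this blueprint; the function names, the request-body shape and the strict boolean check are assumptions made for illustration.

```python
# Simplified model (added example, not Nova code). All names are hypothetical.
from dataclasses import dataclass

EXTENSION_ALIAS = "disable-terminate"  # extension name taken from the whiteboard


class DeleteRefused(Exception):
    """Raised when a protected or locked instance is asked to terminate."""


@dataclass
class Instance:
    name: str
    locked: bool = False             # existing 'nova lock' state
    disable_terminate: bool = False  # default is false, per the blueprint


def parse_flag(server_body, loaded_extensions):
    """Return True/False if the request sets the flag, None if it is to be ignored."""
    if EXTENSION_ALIAS not in loaded_extensions:
        return None                  # extension not loaded: never read the key
    if "disable_terminate" not in server_body:
        return None                  # key absent: caller keeps default/stored value
    value = server_body["disable_terminate"]
    if not isinstance(value, bool):  # assumption: reject "false", 0, "no" outright
        raise ValueError("disable_terminate must be a JSON boolean")
    return value


def create_server(server_body, loaded_extensions):
    flag = parse_flag(server_body, loaded_extensions)
    return Instance(server_body["name"], disable_terminate=bool(flag))


def update_server(instance, server_body, loaded_extensions):
    flag = parse_flag(server_body, loaded_extensions)
    if flag is not None:             # absent key leaves the stored value untouched
        instance.disable_terminate = flag
    return instance


def delete_server(instance, is_admin):
    if instance.disable_terminate:   # applies to admins too, unlike the lock
        raise DeleteRefused(f"{instance.name}: disable_terminate is set")
    if instance.locked and not is_admin:
        raise DeleteRefused(f"{instance.name}: instance is locked")
    return "deleted"
```

The strict type check matters for a safety flag: a client sending the string "false" would otherwise be read as truthy and silently protect, or with a different coercion silently unprotect, an instance.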

Feel free to reopen this if you can gain some consensus on the mailing list for adding this feature. --russellb
