Make instance lock more granular
Nova supports lock instances, when an instance is locked, only admin can
request actions on this instance, and normal users could not do anything.
This kind of behavior is somehow not flexible enough. As some action
might not be harmful depending on the reason the instances are locked.
For example, in our public cloud, we want to support some kind of pre-paid
instances, for this kind of instances, user will be able to perform actions like
start, stop, restart, snapshot etc to the instance, but they are not allowed to
attach new volume to that insstance or detach a volume from that instsance
as it is an pre-paid instance.
Another example is that for our pre-paid instances, if the user want to resize
it to another flavor, we will want them to pay first before they can perform
the resize action, in this case, we want to lock the instance actions like start,
(if the instance started within this time, after the user paid, the resize action
will failed to operate), and release the lock(from upper layer management
services) after the user paid for the new flavor.
Another example is use OpenStack as container infrastructure, we may want
to have a stable cluster so that the resources like network interfaces won't
change, but the user may still be allowed to do some actions like start/stop/
restart/snapshot on the instances.
This blueprint proposes to make instance lock more granular, that is, admin
can set and release about what kind of actions on perticular instances when
locking/unlocking.
Blueprint information
- Status:
- Not started
- Approver:
- None
- Priority:
- Low
- Drafter:
- Zhenyu Zheng
- Direction:
- Needs approval
- Assignee:
- Zhenyu Zheng
- Definition:
- New
- Series goal:
- None
- Implementation:
-
Not started
- Milestone target:
- None
- Started by
- Completed by
