On Wed, Mar 12, 2014, CARVER, PAUL <[email protected]> wrote: > I have personally witnessed someone (honestly, not me) select "Terminate > Instance" when they meant "Reboot Instance" and that mistake is way too > easy. I'm not sure if it was a brain mistake or mere slip of the mouse, > but it's enough to make people really nervous in a production > environment. If there's one thing you can count on about human beings, > it's that they'll make mistakes sooner or later. Any system that > assumes infallible human beings as a design criteria is making an > invalid assumption.
I think there might be some confusion about what soft-delete we're talking about. Nova has two orthogonal "soft-delete" features: 1) Database rows are never deleted from the database. They are just marked as deleted via a column. This is unexposed to users and is an implementation detail in the current code. 2) Instance deletion can be deferred until a later time. This is called deferred-delete and soft-delete in the code. If the feature is enabled and the instance that has't been reclaimed, it can be restored with the 'nova restore' command. This thread is about the database soft-delete and not the instance soft-delete. JE _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
