Hi there, Le 2014-06-16 15:28, melanie witt a écrit :
Hi all,
[...]
During the patch review, a reviewer raised a concern about the purpose of instance locking and whether prevention of snapshot while an instance is locked is appropriate. From what we understand, instance lock is meant to prevent unwanted modification of an instance. Is snapshotting considered a logical modification of an instance? That is, if an instance is locked to a user, they take a snapshot, create another instance using that snapshot, and modify the instance, have they essentially modified the original locked instance? I wanted to get input from the ML on whether it makes sense to disallow snapshot an instance is locked.
Beyond 'preventing accidental change to the instance', locking could be seen as 'preventing any operation' to the instance. If I, as a user, lock an instance, it certainly only prevents me from accidentally deleting the VM. As I can unlock whenever I need to, there seems to be no other use case (chmod-like). If I, as an admin, lock an instance, I am preventing operations on a VM and am preventing an ordinary user from overriding the lock.
This is a form of authority enforcing that maybe should prevent even snapshots to be taken off that VM. The thing is that enforcing this beyond the limits of nova is AFAIK not there, so cloning/snapshotting cinder volumes will still be feasible. Enforcing it only in nova as a kind of 'security feature' may become misleading.
The more I think about it, the more I get to think that locking is just there to avoid mistakes, not voluntary misbehaviour.
-- Ahmed _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
