On 06/17/2014 03:03 PM, melanie witt wrote:
On Jun 16, 2014, at 13:56, Michael Still <mi...@stillhq.com> wrote:
It is certainly my belief that the lock functionality for instances is
about avoiding accidental changes to the instance itself, not the
contents of the instance. I personally think that snapshots aren't a
change to the instance and therefore should be allowed, but I'd be
interested in other people's thoughts on this.
Thank you for sharing your view. I'm also interested in hearing other thoughts
-- if the consensus is to allow snapshot of a locked instance, I can close the
loop on the lp bug for the reporter.
If anyone else has some input on snapshotting locked instances, please chime in!
It appears that locking was added in 2010
(8aea573bd2e44e152fb4ef1627640bab1818dede), at which time commit
messages weren't nearly as clear and helpful as they now are so there's
not much insight from that. But the lock checking methods added at that
time have a docstring that includes "decorator used for preventing
action against locked instances". So the original intent seems to be
that API actions would not be allowed against locked instances. From
that point of view snapshotting should be disallowed.
Having said that, the main reason that I've heard for locks being used
is to prevent accidental deletes. And I've heard requests for locks
that only prevent deletes. So in my experience users want more granular
locks, not more inclusive locking. So I wouldn't consider it a bug that
snapshots are allowed while an instance is locked.
But getting back to the original issue, I'm not sure locking snapshots
is going to help. The intent seems to be keeping users from gaining
access to data that's within the instance. But locks don't keep a user
from seeing what's on the instance, or doing something like an LVM
snapshot of the data from within the instance.
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
