diff --git a/specs/ussuri/approved/destroy-instance-with-datavolume.rst b/specs/ussuri/approved/destroy-instance-with-datavolume.rst index a3477426c..0efffde1e 100644 --- a/specs/ussuri/approved/destroy-instance-with-datavolume.rst +++ b/specs/ussuri/approved/destroy-instance-with-datavolume.rst @@ -4,19 +4,20 @@ http://creativecommons.org/licenses/by/3.0/legalcode -===================================================== -Support re-configure deleted_on_termination in server -===================================================== +==================================================== +Support re-configure delete_on_termination in server +==================================================== https://blueprints.launchpad.net/nova/+spec/destroy-instance-with-datavolume -This blueprint proposes to allow changing the ``deleted_on_termination`` -attribute of a volume after an instance is booted. +This blueprint proposes to allow changing the ``delete_on_termination`` +attribute of a volume after an instance is booted, or set the new volume's +``delete_on_termination`` during swap volume. Problem description =================== -Currently, nova support configuring ``deleted_on_termination`` for the root +Currently, nova supports configuring ``delete_on_termination`` for the root disk and data volume (refrerence to the volume attach API [1]_.) when the instance is created, but does not allow it to be updated after the instance is created. @@ -34,6 +35,9 @@ to be able to alter the ``delete_on_termination`` property to either preserve important data while freeing compute resources or freeing storage space and cleaning up sensitive data. +As an admin user, I expect that I can set ``delete_on_termination`` +during swap volume. + The end user expects to be able to decide the policy by which the volumes are preserved or destoryed at any point in the vms lifecyle. @@ -42,9 +46,22 @@ Proposed change Add a new microversion to the Servers with volume attachments model, to support configuring whether to delete the attached volume when the -instance is destroyed. Add ``deleted_on_termination`` property to the +instance is destroyed. Add ``delete_on_termination`` property to the request body. The ``volume_id`` parameter in the url is the volume that -will be set to ``deleted_on_termination``. +will be set to ``delete_on_termination``. + +Change swap volume policy's rule name to +``os_compute_api:os-volumes-attachments:swap``, and make the original +policy's rule name (``os_compute_api:os-volumes-attachments:update``) +allow the update a volume atachment API. + +Add 'rule:system_admin_or_owner' policy to the update volume API. + +After this change, the update volume attachment API will have two policies, +one for general updates (currently only ``delete_on_termination``) and one +for admins which allows changing the volume id (i.e. swap volume) as well +as other attributes. In other words, the swap policy is a superset of the +update policy. Alternatives ------------ @@ -58,16 +75,10 @@ If you boot from volume where nova creates the root volume and to preserve the root volume after the server is deleted, you can create a snapshot of the server. -Another option is change the exist PUT update a volume attachment API, add -``delete_on_termination`` property to the request body, and should make -the ``volumeId`` is optional in the request body. This API is typically meant -to only be used as part of a larger orchestrated volume migration operation -initiated in the block storage service via the ``os-retype`` or -``os-migrate_volume`` volume actions. - -If we change this API, the current ``PUT`` API will become extremely -complicated and difficult to use. In addition, the default policy is -administrative role, which is not applicable to the current use case. +Another option is add a PATCH volume attachment API, allowing a +``delete_on_termination`` property in the request body to support updating +the attached volume, but that will break the nova API and introduce a new +PATCH method. Data model impact ----------------- @@ -81,27 +92,27 @@ Configure ``delete_on_termination`` for the volume attached to the instance. URL: /servers/{server_id}/os-volume_attachments/{volume_id} -* Request method: PATCH (Patch volume attachment) +* Request method: PUT (Update a volume attachment) Add the ``delete_on_termination`` parameter to the request body. -* Patch volume attachment API's request body: +* Update a volume attachment API's request body: .. code-block:: json { "volumeAttachment": { + "volumeId": "a07f71dc-8151-4e7d-a0cc-cd24a3f11113", "delete_on_termination": true } } - The ``delete_on_termination`` in the request body is required: + Other than ``volumeId``, as of the new microversion only + ``delete_on_termination`` may be changed from the current value. Otherwise, + that will be return 400. - - It will return 400 if ``volume_id`` in the path and/or - ``delete_on_termination`` in the request body are not specified. - - Allow admin or owner role to perform this operation and add - 'rule: system_admin_or_owner' policy. +Add 'rule:system_admin_or_owner' policy role to the +update a volume attachment API. Security impact --------------- @@ -116,9 +127,8 @@ None Other end user impact --------------------- -python-novaclient will add support for this ``PATCH`` API, -to support setting ``delete_on_termination`` parameter to -an attached volume. +python-novaclient will be updated to support changing +the ``delete_on_termination`` flag. Performance Impact ------------------ @@ -138,8 +148,7 @@ None Upgrade impact -------------- -During a rolling upgrade if this PATCH update volume attachment API -is call, the request will be reject until all hosts are upgraded. +None Implementation ============== @@ -159,9 +168,11 @@ Feature liaison: Work Items ---------- -* Add patch volume attachment support in nova API. -* Add microversion support. -* Add patch volume attachment API support in python-novaclient. +* Add a new microversion which enables code that allows updating + ``delete_on_termination`` during a PUT request. +* Change the original policy role name for update a volume attachment API. +* Add new policy to the update a volume attachment API. +* Change python-novaclient to support this microversion. * Add related tests. Dependencies @@ -173,7 +184,7 @@ Testing ======= * Add related unit tests for negative scenarios such as trying to call - patch volume attachment API to update an attached volume with an older + update a volume attachment API to update an attached volume with an older microversion, passing ``delete_on_termination`` with an invalid value like null, etc. * Add related functional tests for normal scenarions, e.g. API samples. @@ -184,7 +195,7 @@ with the CinderFixture should be sufficient for testing this feature. Documentation Impact ==================== -Add docs description about this patch volume attachment API. +Add docs description about this microversion. References ========== @@ -201,10 +212,6 @@ For the disscussion of this feature at the Forum in Shanghai: .. [1] http://specs.openstack.org/openstack/nova-specs/specs/train/approved/support-delete-on-termination-in-server-attach-volume.html -.. _PATCH how to works: https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/PATCH - -PoC code: https://review.opendev.org/#/c/693828/ - History =======