环境: rdo L版
先来说下nova api删除虚拟机的代码中有这么一个判断:
def _delete(self, context, instance, delete_type, cb, **instance_attrs): if instance.disable_terminate: # 会判断disable_terminate LOG.info(_LI('instance termination disabled'), instance=instance) return
如果disable_terminate为true的话,这个删除操作就直接返回了。
下面就是实现如何暴露这个属性的api
[root@node_172_16_214_226 ~(keystone_admin)]# vim /usr/lib/python2.7/site-packages/nova-4.0-py2.7.egg-info/entry_points.txt limits = nova.api.openstack.compute.limits:Limits lock_server = nova.api.openstack.compute.lock_server:LockServer disable_terminate_server = nova.api.openstack.compute.disable_terminate_server:DisableTerminateServer # 新增这条
定义policy
[root@node_172_16_214_226 ~(keystone_admin)]# vim /etc/nova/policy.json "os_compute_api:os-lock-server:unlock:unlock_override": "rule:admin_api", "os_compute_api:os-disable-terminate-server:disable_terminate": "rule:admin_or_owner", # 新增 "os_compute_api:os-disable-terminate-server:enable_terminate": "rule:admin_or_owner", # 新增
新增disable_terminate_server.py代码
[root@node_172_16_214_226 ~(keystone_admin)]# cat /usr/lib/python2.7/site-packages/nova/api/openstack/compute/disable_terminate_server.py # Copyright 2011 OpenStack Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from nova.api.openstack import common from nova.api.openstack import extensions from nova.api.openstack import wsgi from nova import compute ALIAS = "os-disable-terminate-server" authorize = extensions.os_compute_authorizer(ALIAS) class DisableTerminateServerController(wsgi.Controller): def __init__(self, *args, **kwargs): super(DisableTerminateServerController, self).__init__(*args, **kwargs) self.compute_api = compute.API(skip_policy_check=True) @wsgi.response(202) @extensions.expected_errors(404) @wsgi.action('disable_terminate') def disable_terminate(self, req, id, body): """Disable terminate a server instance.""" context = req.environ['nova.context'] authorize(context, action='disable_terminate') instance = common.get_instance(self.compute_api, context, id) self.compute_api.disable_terminate(context, instance) @wsgi.response(202) @extensions.expected_errors(404) @wsgi.action('enable_terminate') def enable_terminate(self, req, id, body): """Enable terminate a server instance.""" context = req.environ['nova.context'] authorize(context, action='enable_terminate') instance = common.get_instance(self.compute_api, context, id) self.compute_api.enable_terminate(context, instance) class DisableTerminateServer(extensions.V21APIExtensionBase): """Enable/Disable terminate server actions.""" name = "DisableTerminateServer" alias = ALIAS version = 1 def get_controller_extensions(self): controller = DisableTerminateServerController() extension = extensions.ControllerExtension(self, 'servers', controller) return [extension] def get_resources(self): return []
在compute api中添加对应的函数
[root@node_172_16_214_226 ~(keystone_admin)]# vim /usr/lib/python2.7/site-packages/nova/compute/api.py # 在class API下添加相应的函数 class API(base.Base): """API for interacting with the compute manager.""" def __init__(self, p_w_picpath_api=None, network_api=None, volume_api=None, security_group_api=None, skip_policy_check=False, **kwargs): self.skip_policy_check = skip_policy_check self.p_w_picpath_api = p_w_picpath_api or p_w_picpath.API() self.network_api = network_api or network.API( skip_policy_check=skip_policy_check) self.volume_api = volume_api or volume.API() self.security_group_api = (security_group_api or openstack_driver.get_openstack_security_group_driver( skip_policy_check=skip_policy_check)) self.consoleauth_rpcapi = consoleauth_rpcapi.ConsoleAuthAPI() self.compute_rpcapi = compute_rpcapi.ComputeAPI() self._compute_task_api = None self.servicegroup_api = servicegroup.API() self.notifier = rpc.get_notifier('compute', CONF.host) if CONF.ephemeral_storage_encryption.enabled: self.key_manager = keymgr.API() super(API, self).__init__(**kwargs) 。。。。。。。 @wrap_check_policy def disable_terminate(self, context, instance): """Disable terminate the given instance.""" context = context.elevated() LOG.debug('Disable_terminate', context=context, instance=instance) instance.disable_terminate = True instance.save() @wrap_check_policy def enable_terminate(self, context, instance): """Enable_terminate the given instance.""" context = context.elevated() LOG.debug('Enable_terminate', context=context, instance=instance) instance.disable_terminate = False instance.save()
curl测试
[root@node_172_16_214_226 ~(keystone_admin)]# openstack-service restart nova # 重启服务生效,如果不行的话,可以看nova-api.log [root@node_172_16_214_226 ~(keystone_admin)]# export TOKEN=`openstack token issue | awk '/id/ {print $4}' | head -1` [root@node_172_16_214_226 ~(keystone_admin)]# export SERVER=`nova list | awk '/ACTIVE/ {print $2}'` # disable_terminate [root@node_172_16_214_226 ~(keystone_admin)]# curl -g -i -X POST \ http://node_172_16_214_226:8774/v2.1/7d58dea58dd448d4b095da27986176f2/servers/${SERVER}/action \ -H "User-Agent: python-novaclient" \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "X-OpenStack-Nova-API-Version: 2.5" \ -H "X-Auth-Token: ${TOKEN}" \ -d '{"disable_terminate": null}' # 查看instances表可以看到disable_terminate字段是否发生变化 [root@node_172_16_214_226 ~(keystone_admin)]# mysql Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 14088 Server version: 10.0.25-MariaDB-wsrep MariaDB Server, wsrep_25.13.raf7f02e Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> use nova; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed MariaDB [nova]> select disable_terminate from instances where uuid='c55bebc9-a12c-41f9-aa94-81139dd7214a'\G; *************************** 1. row *************************** disable_terminate: 1 1 row in set (0.00 sec) # enable_terminate [root@node_172_16_214_226 ~(keystone_admin)]# curl -g -i -X POST \ http://node_172_16_214_226:8774/v2.1/7d58dea58dd448d4b095da27986176f2/servers/${SERVER}/action \ -H "User-Agent: python-novaclient" \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "X-OpenStack-Nova-API-Version: 2.5" \ -H "X-Auth-Token: ${TOKEN}" \ -d '{"enable_terminate": null}'
最后使用nova delete虚拟机,是删除不掉的,哈哈! :)