环境: rdo L版


先来说下nova api删除虚拟机的代码中有这么一个判断:

def _delete(self, context, instance, delete_type, cb, **instance_attrs):
        if instance.disable_terminate:                # 会判断disable_terminate
            LOG.info(_LI('instance termination disabled'),
                     instance=instance)
            return

如果disable_terminate为true的话,这个删除操作就直接返回了。


下面就是实现如何暴露这个属性的api

[root@node_172_16_214_226 ~(keystone_admin)]# vim /usr/lib/python2.7/site-packages/nova-4.0-py2.7.egg-info/entry_points.txt
limits = nova.api.openstack.compute.limits:Limits
lock_server = nova.api.openstack.compute.lock_server:LockServer
disable_terminate_server = nova.api.openstack.compute.disable_terminate_server:DisableTerminateServer   # 新增这条


定义policy

[root@node_172_16_214_226 ~(keystone_admin)]# vim /etc/nova/policy.json        
"os_compute_api:os-lock-server:unlock:unlock_override": "rule:admin_api",
"os_compute_api:os-disable-terminate-server:disable_terminate": "rule:admin_or_owner",   # 新增
"os_compute_api:os-disable-terminate-server:enable_terminate": "rule:admin_or_owner",   #  新增


新增disable_terminate_server.py代码

[root@node_172_16_214_226 ~(keystone_admin)]# cat /usr/lib/python2.7/site-packages/nova/api/openstack/compute/disable_terminate_server.py
# Copyright 2011 OpenStack Foundation
#
#   Licensed under the Apache License, Version 2.0 (the "License"); you may
#   not use this file except in compliance with the License. You may obtain
#   a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#   License for the specific language governing permissions and limitations
#   under the License.

from nova.api.openstack import common
from nova.api.openstack import extensions
from nova.api.openstack import wsgi
from nova import compute

ALIAS = "os-disable-terminate-server"
authorize = extensions.os_compute_authorizer(ALIAS)

class DisableTerminateServerController(wsgi.Controller):
    def __init__(self, *args, **kwargs):
        super(DisableTerminateServerController, self).__init__(*args, **kwargs)
        self.compute_api = compute.API(skip_policy_check=True)
    @wsgi.response(202)
    @extensions.expected_errors(404)
    @wsgi.action('disable_terminate')
    def disable_terminate(self, req, id, body):
        """Disable terminate a server instance."""
        context = req.environ['nova.context']
        authorize(context, action='disable_terminate')
        instance = common.get_instance(self.compute_api, context, id)
        self.compute_api.disable_terminate(context, instance)
    @wsgi.response(202)
    @extensions.expected_errors(404)
    @wsgi.action('enable_terminate')
    def enable_terminate(self, req, id, body):
        """Enable terminate a server instance."""
        context = req.environ['nova.context']
        authorize(context, action='enable_terminate')
        instance = common.get_instance(self.compute_api, context, id)
        self.compute_api.enable_terminate(context, instance)
        
        
class DisableTerminateServer(extensions.V21APIExtensionBase):
    """Enable/Disable terminate server actions."""
    name = "DisableTerminateServer"
    alias = ALIAS
    version = 1
    def get_controller_extensions(self):
        controller = DisableTerminateServerController()
        extension = extensions.ControllerExtension(self, 'servers', controller)
        return [extension]
    def get_resources(self):
        return []


在compute api中添加对应的函数

[root@node_172_16_214_226 ~(keystone_admin)]# vim /usr/lib/python2.7/site-packages/nova/compute/api.py  # 在class API下添加相应的函数
class API(base.Base):
    """API for interacting with the compute manager."""
    def __init__(self, p_w_picpath_api=None, network_api=None, volume_api=None,
                 security_group_api=None, skip_policy_check=False, **kwargs):
        self.skip_policy_check = skip_policy_check
        self.p_w_picpath_api = p_w_picpath_api or p_w_picpath.API()
        self.network_api = network_api or network.API(
            skip_policy_check=skip_policy_check)
        self.volume_api = volume_api or volume.API()
        self.security_group_api = (security_group_api or
            openstack_driver.get_openstack_security_group_driver(
                skip_policy_check=skip_policy_check))
        self.consoleauth_rpcapi = consoleauth_rpcapi.ConsoleAuthAPI()
        self.compute_rpcapi = compute_rpcapi.ComputeAPI()
        self._compute_task_api = None
        self.servicegroup_api = servicegroup.API()
        self.notifier = rpc.get_notifier('compute', CONF.host)
        if CONF.ephemeral_storage_encryption.enabled:
            self.key_manager = keymgr.API()
        super(API, self).__init__(**kwargs)
。。。。。。。

    @wrap_check_policy
    def disable_terminate(self, context, instance):
        """Disable terminate the given instance."""
        context = context.elevated()
        LOG.debug('Disable_terminate', context=context, instance=instance)
        instance.disable_terminate = True
        instance.save()
        
    @wrap_check_policy
    def enable_terminate(self, context, instance):
        """Enable_terminate the given instance."""
        context = context.elevated()
        LOG.debug('Enable_terminate', context=context, instance=instance)
        instance.disable_terminate = False
        instance.save()


curl测试

[root@node_172_16_214_226 ~(keystone_admin)]# openstack-service restart nova  # 重启服务生效,如果不行的话,可以看nova-api.log
[root@node_172_16_214_226 ~(keystone_admin)]# export TOKEN=`openstack token issue | awk '/id/ {print $4}' | head -1`
[root@node_172_16_214_226 ~(keystone_admin)]# export SERVER=`nova list | awk '/ACTIVE/ {print $2}'`

# disable_terminate
[root@node_172_16_214_226 ~(keystone_admin)]# curl -g -i -X POST \
http://node_172_16_214_226:8774/v2.1/7d58dea58dd448d4b095da27986176f2/servers/${SERVER}/action \
-H "User-Agent: python-novaclient" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "X-OpenStack-Nova-API-Version: 2.5" \
-H "X-Auth-Token: ${TOKEN}" \
-d '{"disable_terminate": null}'

# 查看instances表可以看到disable_terminate字段是否发生变化
[root@node_172_16_214_226 ~(keystone_admin)]# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 14088
Server version: 10.0.25-MariaDB-wsrep MariaDB Server, wsrep_25.13.raf7f02e

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use nova;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [nova]> select disable_terminate from instances where uuid='c55bebc9-a12c-41f9-aa94-81139dd7214a'\G;
*************************** 1. row ***************************
disable_terminate: 1
1 row in set (0.00 sec)

# enable_terminate
[root@node_172_16_214_226 ~(keystone_admin)]# curl -g -i -X POST \
http://node_172_16_214_226:8774/v2.1/7d58dea58dd448d4b095da27986176f2/servers/${SERVER}/action \
-H "User-Agent: python-novaclient" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "X-OpenStack-Nova-API-Version: 2.5" \
-H "X-Auth-Token: ${TOKEN}" \
-d '{"enable_terminate": null}'


最后使用nova delete虚拟机,是删除不掉的,哈哈! :)