Instances in soft-delete counting against quota
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Compute (nova) |
Confirmed
|
Medium
|
Unassigned | ||
Bug Description
SCENARIO:
Instance Quota: 10
1. User spins up 10 instances.
2. User deletes 10 instances.
3. User goes to spin up 1 instance <--- THIS FAILS.
The reason this fails is because in step 2, we didn't actually delete the instance, we marked it for soft-delete. Currently these soft-deleted instances will count in the tally of used-instances for the customer.
This is an issue b/c the customer has no idea that we're actually retaining the instance for CYA purposes. It won't show up in the list, and we may potentially hold on to the instance-data for many hours.
FIX:
We should modify the quota code to disregard soft-deleted instances.
CAVEAT:
Removing the quota could possibly lead to a DOS vector since a user could continually create and destroy N instances; consuming disk-space as they go.
This could be mitigated by only keeping an instance in soft-delete for at most as long as it was around (e.g. if an instance was created and torn down in 5 minutes, we'll keep it around after deleting for 5 minutes).
Another addition could be a soft_delete quota that is set fairly high; for example a user could have a soft_deleted quota set to 10 times their instance quota.
| Thierry Carrez (ttx) wrote | #1 |
| Changed in nova: | |
| status: | New → Incomplete |
| Changed in nova: | |
| importance: | Undecided → Wishlist |
| status: | Incomplete → Confirmed |
| Hendrik Volkmer (hvolkmer) wrote | #2 |
| Vish Ishaya (vishvananda) wrote | #3 |
| Changed in nova: | |
| importance: | Wishlist → Medium |
I'd say that the soft-delete feature is a trade-off: you add incorrect quotas and various inconsistencies to get CYA support. I understand that some deployers may want this, but a lot of other, more down-to-the-bone cloud deployers would certainly prefer correct quotas and no CYA. This should have been optional...