环境: rdo L版
先来说下nova api删除虚拟机的代码中有这么一个判断:
def _delete(self, context, instance, delete_type, cb, **instance_attrs):
if instance.disable_terminate: # 会判断disable_terminate
LOG.info(_LI('instance termination disabled'),
instance=instance)
return
如果disable_terminate为true的话,这个删除操作就直接返回了。
下面就是实现如何暴露这个属性的api
[root@node_172_16_214_226 ~(keystone_admin)]# vim /usr/lib/python2.7/site-packages/nova-4.0-py2.7.egg-info/entry_points.txt limits = nova.api.openstack.compute.limits:Limits lock_server = nova.api.openstack.compute.lock_server:LockServer disable_terminate_server = nova.api.openstack.compute.disable_terminate_server:DisableTerminateServer # 新增这条
定义policy
[root@node_172_16_214_226 ~(keystone_admin)]# vim /etc/nova/policy.json "os_compute_api:os-lock-server:unlock:unlock_override": "rule:admin_api", "os_compute_api:os-disable-terminate-server:disable_terminate": "rule:admin_or_owner", # 新增 "os_compute_api:os-disable-terminate-server:enable_terminate": "rule:admin_or_owner", # 新增
新增disable_terminate_server.py代码
[root@node_172_16_214_226 ~(keystone_admin)]# cat /usr/lib/python2.7/site-packages/nova/api/openstack/compute/disable_terminate_server.py
# Copyright 2011 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from nova.api.openstack import common
from nova.api.openstack import extensions
from nova.api.openstack import wsgi
from nova import compute
ALIAS = "os-disable-terminate-server"
authorize = extensions.os_compute_authorizer(ALIAS)
class DisableTerminateServerController(wsgi.Controller):
def __init__(self, *args, **kwargs):
super(DisableTerminateServerController, self).__init__(*args, **kwargs)
self.compute_api = compute.API(skip_policy_check=True)
@wsgi.response(202)
@extensions.expected_errors(404)
@wsgi.action('disable_terminate')
def disable_terminate(self, req, id, body):
"""Disable terminate a server instance."""
context = req.environ['nova.context']
authorize(context, action='disable_terminate')
instance = common.get_instance(self.compute_api, context, id)
self.compute_api.disable_terminate(context, instance)
@wsgi.response(202)
@extensions.expected_errors(404)
@wsgi.action('enable_terminate')
def enable_terminate(self, req, id, body):
"""Enable terminate a server instance."""
context = req.environ['nova.context']
authorize(context, action='enable_terminate')
instance = common.get_instance(self.compute_api, context, id)
self.compute_api.enable_terminate(context, instance)
class DisableTerminateServer(extensions.V21APIExtensionBase):
"""Enable/Disable terminate server actions."""
name = "DisableTerminateServer"
alias = ALIAS
version = 1
def get_controller_extensions(self):
controller = DisableTerminateServerController()
extension = extensions.ControllerExtension(self, 'servers', controller)
return [extension]
def get_resources(self):
return []
在compute api中添加对应的函数
[root@node_172_16_214_226 ~(keystone_admin)]# vim /usr/lib/python2.7/site-packages/nova/compute/api.py # 在class API下添加相应的函数
class API(base.Base):
"""API for interacting with the compute manager."""
def __init__(self, p_w_picpath_api=None, network_api=None, volume_api=None,
security_group_api=None, skip_policy_check=False, **kwargs):
self.skip_policy_check = skip_policy_check
self.p_w_picpath_api = p_w_picpath_api or p_w_picpath.API()
self.network_api = network_api or network.API(
skip_policy_check=skip_policy_check)
self.volume_api = volume_api or volume.API()
self.security_group_api = (security_group_api or
openstack_driver.get_openstack_security_group_driver(
skip_policy_check=skip_policy_check))
self.consoleauth_rpcapi = consoleauth_rpcapi.ConsoleAuthAPI()
self.compute_rpcapi = compute_rpcapi.ComputeAPI()
self._compute_task_api = None
self.servicegroup_api = servicegroup.API()
self.notifier = rpc.get_notifier('compute', CONF.host)
if CONF.ephemeral_storage_encryption.enabled:
self.key_manager = keymgr.API()
super(API, self).__init__(**kwargs)
。。。。。。。
@wrap_check_policy
def disable_terminate(self, context, instance):
"""Disable terminate the given instance."""
context = context.elevated()
LOG.debug('Disable_terminate', context=context, instance=instance)
instance.disable_terminate = True
instance.save()
@wrap_check_policy
def enable_terminate(self, context, instance):
"""Enable_terminate the given instance."""
context = context.elevated()
LOG.debug('Enable_terminate', context=context, instance=instance)
instance.disable_terminate = False
instance.save()
curl测试
[root@node_172_16_214_226 ~(keystone_admin)]# openstack-service restart nova # 重启服务生效,如果不行的话,可以看nova-api.log [root@node_172_16_214_226 ~(keystone_admin)]# export TOKEN=`openstack token issue | awk '/id/ {print $4}' | head -1` [root@node_172_16_214_226 ~(keystone_admin)]# export SERVER=`nova list | awk '/ACTIVE/ {print $2}'` # disable_terminate [root@node_172_16_214_226 ~(keystone_admin)]# curl -g -i -X POST \ http://node_172_16_214_226:8774/v2.1/7d58dea58dd448d4b095da27986176f2/servers/${SERVER}/action \ -H "User-Agent: python-novaclient" \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "X-OpenStack-Nova-API-Version: 2.5" \ -H "X-Auth-Token: ${TOKEN}" \ -d '{"disable_terminate": null}' # 查看instances表可以看到disable_terminate字段是否发生变化 [root@node_172_16_214_226 ~(keystone_admin)]# mysql Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 14088 Server version: 10.0.25-MariaDB-wsrep MariaDB Server, wsrep_25.13.raf7f02e Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> use nova; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed MariaDB [nova]> select disable_terminate from instances where uuid='c55bebc9-a12c-41f9-aa94-81139dd7214a'\G; *************************** 1. row *************************** disable_terminate: 1 1 row in set (0.00 sec) # enable_terminate [root@node_172_16_214_226 ~(keystone_admin)]# curl -g -i -X POST \ http://node_172_16_214_226:8774/v2.1/7d58dea58dd448d4b095da27986176f2/servers/${SERVER}/action \ -H "User-Agent: python-novaclient" \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -H "X-OpenStack-Nova-API-Version: 2.5" \ -H "X-Auth-Token: ${TOKEN}" \ -d '{"enable_terminate": null}'
最后使用nova delete虚拟机,是删除不掉的,哈哈! :)
转载于:https://blog.51cto.com/iceyao/1878590