openstack中的延迟删除

glance镜像的延迟删除

在控制节点的glance-api.conf文件中设置延迟删除：

# Turn on/off delayed delete
delayed_delete = False

# Delayed delete time in seconds
scrub_time = 43200

重启openstack-glance-api.service

systemctl start openstack-glance-api.service

测试：删除镜像fedora

[root@controller ~(keystone_admin)]# glance image-list
+--------------------------------------+-----------+-------------+------------------+-------------+--------+
| ID                                   | Name      | Disk Format | Container Format | Size        | Status |
+--------------------------------------+-----------+-------------+------------------+-------------+--------+
| 42d61acd-1ab3-4a7e-a14e-68ad6ba75215 | centos    | iso         | bare             | 358959104   | active |
| a7f49865-0388-48f1-a547-f6f23066fb4f | centos_wc | raw         | bare             | 10737418240 | active |
| f01af3f9-58c3-463d-bf66-fb58825466b4 | fedora_s2 | qcow2       | bare             | 983629824   | active |
+--------------------------------------+-----------+-------------+------------------+-------------+--------+
[root@controller ~(keystone_admin)]# glance image-delete fedora_s2
[root@controller ~(keystone_admin)]# glance image-list
+--------------------------------------+-----------+-------------+------------------+-------------+--------+
| ID                                   | Name      | Disk Format | Container Format | Size        | Status |
+--------------------------------------+-----------+-------------+------------------+-------------+--------+
| 42d61acd-1ab3-4a7e-a14e-68ad6ba75215 | centos    | iso         | bare             | 358959104   | active |
| a7f49865-0388-48f1-a547-f6f23066fb4f | centos_wc | raw         | bare             | 10737418240 | active |
+--------------------------------------+-----------+-------------+------------------+-------------+--

查看数据库信息, fedora_s2的状态为pending_delete。

+--------------------------------------+-----------+-----------+----------------+-----------+---------------------+---------------------+---------------------+---------+-------------+------------------+----------------------------------+----------------------------------+----------+---------+-----------+
| id                                   | name      | size      | status         | is_public | created_at          | updated_at          | deleted_at          | deleted | disk_format | container_format | checksum                         | owner                            | min_disk | min_ram | protected |
+--------------------------------------+-----------+-----------+----------------+-----------+---------------------+---------------------+---------------------+---------+-------------+------------------+----------------------------------+----------------------------------+----------+---------+-----------+
| f01af3f9-58c3-463d-bf66-fb58825466b4 | fedora_s2 | 983629824 | pending_delete |         0 | 2014-02-15 15:03:22 | 2014-04-10 17:51:53 | 2014-04-10 17:51:53 |       1 | qcow2       | bare             | c5870838c1c85547d5b85084071db21a | 86196260e1694d0cbb5049cfba3883f8 |       20 |    2048 |         0 |
+--------------------------------------+-----------+-----------+----------------+-----------+--------

备注：目前image找回功能的接口还在review中，目前仍不可用。

实现原理

实现原理很简单。当打开延迟删除开关后，对image的删除不会立刻触发动作，而只是记录的状态为pending_delete和删除时间。
另外glance有个scrubber的清理服务，会周期性检查pending_delete的image是否到期，到期则进行删除动作。 

glance镜像的删除保护

设置镜像保护是个admin操作，操作方法见如下：

[root@controller ~(keystone_admin)]# glance image-update --is-protected True centos_wc
+------------------+--------------------------------------+
| Property         | Value                                |
+------------------+--------------------------------------+
| checksum         | 2f7476ac2fe077979d2f0cda7640d1a8     |
| container_format | bare                                 |
| created_at       | 2014-04-03T10:45:19                  |
| deleted          | False                                |
| deleted_at       | None                                 |
| disk_format      | raw                                  |
| id               | a7f49865-0388-48f1-a547-f6f23066fb4f |
| is_public        | False                                |
| min_disk         | 0                                    |
| min_ram          | 0                                    |
| name             | centos_wc                            |
| owner            | 86196260e1694d0cbb5049cfba3883f8     |
| protected        | True                                 |
| size             | 10737418240                          |
| status           | active                               |
| updated_at       | 2014-04-10T19:00:29                  |
+------------------+--------------------------------------+
[root@controller ~(keystone_admin)]# glance image-delete centos_wc
Request returned failure status.
403 Forbidden
Image is protected
    (HTTP 403): Unable to delete image centos_wc

实现原理

通过image的属性“protected”进行控制。
删除前检查该属性，未保护则可以删除。保护则不可以删除。
需要先将属性“protected”修改为“False“才能删除。

这里需要注意的是：我没在生产环境测试过，所以不知道效果如何

nova虚拟机的软删除

通过nova.conf，设置回收已删除虚拟机的间隔。

# Interval in seconds for reclaiming deleted instances
# (integer value)
#reclaim_instance_interval=0
reclaim_instance_interval=86400  #延迟一天后删除

该值为0，则立刻删除。不为0，则为软删除。reclaim_instance_interval的单位是秒

在该时间到达前，可以通过API将虚拟机找回。
周期性任务_reclaim_queued_deletes会定期检查，真正删除已经到达时间的虚拟机

重启服务：

在控制节点设置后，需要重启openstack-nova-api.service

 systemctl restart openstack-nova-api.service

在计算节点设置后，需要重启openstack-nova-compute.service

systemctl restart  openstack-nova-compute.service

实现原理

实现原理比较简单，通过虚拟机数据库中的状态进行软删除控制。
通过定时任务进行虚拟机的删除。

注意：

1.控制节点和计算节点都要设置
2.如果只在控制节点设置reclaim_instance_interval=86400，则虚拟机会有SOFT_DELETED标志，但是机器不会真正删除

用命令行查看软删除的机器：

nova list --deleted --all-tenants | grep SOFT

软删除的虚拟机恢复

nova restore 机器的uuid