Bug 1826334

Summary: [rfe] Ability to prevent creation of an instance with Ephemeral disk
Product: Red Hat OpenStack Reporter: Elf Lewis <elewis>
Component: openstack-novaAssignee: OSP DFG:Compute <osp-dfg-compute>
Status: CLOSED UPSTREAM QA Contact: OSP DFG:Compute <osp-dfg-compute>
Severity: low Docs Contact:
Priority: unspecified    
Version: 16.0 (Train)CC: dasmith, eglynn, jhakimra, kchamart, sbauza, sgordon, vromanso
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-23 14:22:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Elf Lewis 2020-04-21 13:09:01 UTC 
We are going to implement the Compute instance HA in our Openstack region. This is based on OSP13.

Although Instance HA works on ephemeral instances, we would like to avoid customers from creating instances that have ephemeral disks. 
This is to ensure that no instance with ephemeral disks is configured with instance HA.

it would be great if Openstack had the ability to "restrict" certain users so they could only create non-ephemeral instances.

Searching online, I believe that some work has already started on this feature:

https://blueprints.launchpad.net/nova/+spec/flavor-root-disk-none

https://review.opendev.org/#/c/373054/

But after attempting to set the parameters defined in the second link, we discovered that it does not work - evidently there is still work that needs to be done to make this feature work.

Thanks
Comment 1 Artom Lifshitz 2020-04-23 14:22:46 UTC 
That spec went nowhere, but I believe there is currently a different way of achieving what you want:

As of Stein (OSP15), and backported to Queens (OSP13) [0], the fix for bug 1739646 means that flavors with disk size 0 force users to use boot-from-volume instances. Quote the release notes [2]:

The default value for policy rule os_compute_api:servers:create:zero_disk_flavor has changed from rule:admin_or_owner to rule:admin_api which means that by default, users without the admin role will not be allowed to create servers using a flavor with disk=0 unless they are creating a volume-backed server. If you have these kinds of flavors, you may need to take action or temporarily override the policy rule. Refer to bug 1739646 for more details.

In OSP13 though, the default has not changed - so the policy will have to be manually set to rule:admin_api.

I'm closing this bz as UPSTREAM because of this, if this does not address your use case, feel free to reopen.

Cheers!

[0] https://review.opendev.org/#/c/563692/
[1] https://bugs.launchpad.net/nova/+bug/1739646
[2] https://docs.openstack.org/releasenotes/nova/stein.html#relnotes-19-0-0-stable-stein-upgrade-notes