Jump to: navigation, search

Glance-deactivate-image

Revision as of 15:45, 14 February 2014 by Brian-rosmaita (talk | contribs)

This is the full specification for the blueprint https://blueprints.launchpad.net/glance/+spec/deactivate-image

Proposal

Introduce a new image status, 'deactivated'. When an image is in this state, access to the image's data (i.e., what's stored in /v2/images{image_id}/file) would be prohibited to any non-admin user.

Questions

What does deactivating an image mean and what does it do?

Deactivating an image aims to essentially restrict any further instance builds from it. To achieve this, we propose to prohibit image downloads on a deactivated image. For ex: when someone tries to boot an instance off of a deactivated image, nova would be unable to fetch the image data and eventually fail. Prohibiting image downloads will also prohibit operations such as image export and image cloning that may require image data.

Why prohibit image export and image cloning?

These two operations may result in further instance boots as one gets access to image data. Hence, we propose to prohibit these as well.

When can an image be deactivated?

An image can be deactivated only when it is already active. An image in any other status cannot be deactivated.

Is the image data still available when the image is deactivated?

Yes, the image data at all its locations will still be intact, just that no one would be able to download the image and hence, no one would be able to do any operations that require image data like, instance boot, image export and image cloning.

Who can deactivate an image?

Only admins can deactivate and reactivate an image.

Retrieved from "https://wiki.openstack.org/w/index.php?title=Glance-deactivate-image&oldid=42304"