nova有個有意思的功能,《鎖定雲主機》,從某種程度上來講算是對虛擬機的一種保護機制吧。node
社區nova lock server bp (nova api那端) https://review.openstack.org/#/c/58267/python
nova compute端實現的lock instance修飾器,這個修飾器直接加在snapshot、attach/detach interface等虛擬機操做函數前面,就起到鎖定雲主機的效果。git
nova/compute/api.py def check_instance_lock(function): @functools.wraps(function) def inner(self, context, instance, *args, **kwargs): if instance.locked and not context.is_admin: # 這裏鎖定雲主機對admin role的用戶無效,這裏能夠hack下,讓管理員也沒法操做鎖定的雲主機 raise exception.InstanceIsLocked(instance_uuid=instance.uuid) return function(self, context, instance, *args, **kwargs) return inner
L版nova已經有查詢虛擬機是否被lock的api了,不過要求api version大於2.9github
https://github.com/openstack/nova/commit/49a572a043f27623a15af5f1b8e54c3a560b805cvim
下面是個人修改過程(rdo源裝出來的OpenStack):api
[root@node_172_16_214_226 nova(keystone_admin)]# vim /usr/lib/python2.7/site-packages/nova-4.0-py2.7.egg-info/entry_points.txt extended_status = nova.api.openstack.compute.extended_status:ExtendedStatus extended_volumes = nova.api.openstack.compute.extended_volumes:ExtendedVolumes extension_info = nova.api.openstack.compute.extension_info:ExtensionInfo extended_lock_status = nova.api.openstack.compute.extended_lock_status:Extended_lock_status # 這個是新加的
須要擴展下nova apipython2.7
[root@node_172_16_214_226 nova(keystone_admin)]# cat /usr/lib/python2.7/site-packages/nova/api/openstack/compute/extended_lock_status.py from nova.api.openstack import extensions from nova.api.openstack import wsgi ALIAS = "os-extended-lock-status" authorize = extensions.os_compute_soft_authorizer(ALIAS) PREFIX = "OS-EXT-LS" class ExtendedLockStatusController(wsgi.Controller): def _extend_server(self, server, instance): key = "%s:%s" % (PREFIX, 'locked_by') server[key] = instance['locked_by'] @wsgi.extends def show(self, req, resp_obj, id): context = req.environ['nova.context'] if authorize(context): server = resp_obj.obj['server'] # server['id'] is guaranteed to be in the cache due to # the core API adding it in its 'show' method. db_instance = req.get_db_instance(server['id']) self._extend_server(server, db_instance) @wsgi.extends def detail(self, req, resp_obj): context = req.environ['nova.context'] if authorize(context): servers = list(resp_obj.obj['servers']) for server in servers: # server['id'] is guaranteed to be in the cache due to # the core API adding it in its 'detail' method. db_instance = req.get_db_instance(server['id']) self._extend_server(server, db_instance) class Extended_lock_status(extensions.V21APIExtensionBase): """Extended lock Status support.""" name = "ExtendedLockStatus" alias = ALIAS version = 1 def get_controller_extensions(self): controller = ExtendedLockStatusController() extension = extensions.ControllerExtension(self, 'servers', controller) return [extension] def get_resources(self): return []
經過nova show看效果ide
[root@node_172_16_214_226 nova(keystone_admin)]# nova show test 函數
+--------------------------------------+----------------------------------------------------------+ui
| Property | Value |
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-LS:locked_by | - | # 這個是新添加的屬性
| OS-EXT-SRV-ATTR:host | node_172_16_214_226 |
| OS-EXT-SRV-ATTR:hostname | test |
| OS-EXT-SRV-ATTR:hypervisor_hostname | node_172_16_214_226 |
| OS-EXT-SRV-ATTR:instance_name | instance-00000046 |
| OS-EXT-SRV-ATTR:kernel_id | |
| OS-EXT-SRV-ATTR:launch_index | 0 |
| OS-EXT-SRV-ATTR:ramdisk_id | |
| OS-EXT-SRV-ATTR:reservation_id | r-kbdl0t6k |
| OS-EXT-SRV-ATTR:root_device_name | /dev/vda |
| OS-EXT-SRV-ATTR:user_data | - |
| OS-EXT-STS:power_state | 1 |
| OS-EXT-STS:task_state | - |
| OS-EXT-STS:vm_state | active |
| OS-SRV-USG:launched_at | 2016-11-22T13:21:58.000000 |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| config_drive | |
| created | 2016-11-22T13:21:52Z |
| flavor | m1.tiny (1) |
| hostId | 29b91781dbeba4710be0f1016c579eac24e8699c1835d19b0ad0ece7 |
| id | c55bebc9-a12c-41f9-aa94-81139dd7214a |
| p_w_picpath | cirros (9799a9f9-2e4b-4151-badc-ab0aba64fef1) |
| key_name | test |
| metadata | {} |
| name | test |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | ACTIVE |
| tenant_id | 7d58dea58dd448d4b095da27986176f2 |
| test network | 172.15.7.70 |
| updated | 2016-11-23T03:36:07Z |
| user_id | 97130e6be7b04c61bf59cd13e9ba3b33 |
+--------------------------------------+----------------------------------------------------------+
參考連接