From cbc0df73015702a2503f83885ea11355c8f2bcc4 Mon Sep 17 00:00:00 2001
From: Nikola Dipanov <ndipanov@redhat.com>
Date: Thu, 7 Mar 2013 17:48:54 +0100
Subject: Prevent rescue for volume-backed instances

This patch prevents rescuing of volume_backed instances, by checking
for it in the API layer and raising an exception if instance on which a
rescue was attempted is volume backed.

Rescue is supposed to just be a way to log into a wayward instance
if something goes wrong with the base image that may have had some data
(logfiles etc.) and make it possible to grab that - block devices are
assumed to be accessible by re-attaching them, and are considered
persistant so no need for rescue there.

Fixes bug: #1067744
blueprint: improve-boot-from-volume

Change-Id: I8a4b1ccff7406837de3086aa413034e8e647b8fa
---
 nova/api/openstack/compute/contrib/rescue.py | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'nova/api')

diff --git a/nova/api/openstack/compute/contrib/rescue.py b/nova/api/openstack/compute/contrib/rescue.py
index b6cf3a918..d8699e0e0 100644
--- a/nova/api/openstack/compute/contrib/rescue.py
+++ b/nova/api/openstack/compute/contrib/rescue.py
@@ -63,6 +63,9 @@ class RescueController(wsgi.Controller):
         except exception.InstanceInvalidState as state_error:
             common.raise_http_conflict_for_instance_invalid_state(state_error,
                                                                   'rescue')
+        except exception.InstanceNotRescuable as non_rescuable:
+            raise exc.HTTPBadRequest(explanation=unicode(non_rescuable))
+
         return {'adminPass': password}
 
     @wsgi.action('unrescue')
-- 
cgit