This is a text-only version of the following page on https://raymii.org:

---
Title : Openstack Soft Delete - recover deleted instances
Author : Remy van Elst
Date : 18-03-2017
URL : https://raymii.org/s/articles/Openstack_Soft_Delete_-_recover_deleted_instances.html
Format : Markdown/HTML
---

![][1]

This article contains both an end-user and an OpenStack administrator guide to set up and use `soft_delete` with OpenStack Nova. If an instance is deleted with `nova delete`, it's gone right away. If `soft_delete` is enabled, it is instead queued for deletion for a set amount of time, allowing end users and administrators to restore the instance with the `nova restore` command. This can save your ass (or an end user's bottom) if the wrong instance is removed. Setup is simple, just one variable in `nova.conf`. There are some caveats we'll also discuss here.

### Pros and Cons

There are some considerations to make before enabling soft-deletion. I'll discuss them below. The most important one is that instances are not deleted right away. If you're a heavy API user, herding cattle (spawning and deleting many instances all the time), capacity management might become a problem.

![][3]

Let's say you set the `reclaim_instance_interval` to 3 days (because, what if a user removes an instance during the weekend; this is an ass-saver after all), but you spawn and remove about a hundred servers every day. (Let's assume you have cloud-ready applications, good for you.) Normally, the capacity (RAM, disk, CPU, volumes, floating IPs, security groups) used by these VMs is released right away. With soft-delete enabled, all of it stays reserved, in this case for 3 days. This means you need the capacity to hold an extra 300 instances. This can be mitigated by using `nova force-delete`, which skips the `SOFT_DELETED` state entirely, or by setting `reclaim_instance_interval` to a smaller amount of time. This is something you should plan for based on the available infrastructure and the usage patterns in your cloud.

The second caveat is that when you delete an instance, attached resources (volumes, floating IPs, security groups) stay reserved. If you need a volume that was attached to an instance that is soft-deleted, you first need to restore that instance, then detach the volume (or other resource) and then delete the instance again. Or detach the resource before you delete the instance. Normally, when deleting an instance, the resources are released automatically. If you use the API for resource management you [need to][4] take this into consideration as well.

The third is that `nova list` doesn't show instances in the `SOFT_DELETED` state. Recovering can only be done with the UUID, so you must have noted that somewhere, or do a database query if you have that level of access. If a floating IP or volume is still attached to the VM, you can get the UUID from there; otherwise you're out of luck.

The positive part of soft-delete is that you can recover instances. I work for a large cloud provider and the number of times we get this question from end users would surprise you. Higher-ups, however, decided that this feature should not be enabled, so we always have to tell users something along the lines of 'Time to restore your backups'. Mostly this is because of the extreme amount of resources being created and deleted, but also because you should just have good (regularly tested) backups. In a private cloud setting the case for enabling it is much stronger: users there will probably remove the wrong instance, panic, call you, and you will be the hero of the day. In a public cloud this can also be a feature, marketing-wise. Now, after all the points, let's continue on to the setup.

### Administrator setup

In your `/etc/nova/nova.conf` file there is a (commented out by default) variable `reclaim_instance_interval`. This is the amount of time, in seconds, that an instance will at least stay in the `SOFT_DELETED` state. A scheduler task runs every `$reclaim_instance_interval` seconds; it checks whether an instance is in the `SOFT_DELETED` state and whether it has been in that state for at least `reclaim_instance_interval` seconds. If so, it is removed permanently.
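For example, to keep soft-deleted instances around for three days before the reclaim task removes them, the relevant part of `nova.conf` would look roughly like this (a minimal sketch; on the releases I've worked with the option lives in the `[DEFAULT]` section and a value of `0`, the default, disables soft delete, but check the documentation for your release):

    # /etc/nova/nova.conf -- reclaim_instance_interval is in seconds, 259200 = 3 days.
    # The default of 0 means deleted instances are reclaimed immediately (no soft delete).
    [DEFAULT]
    reclaim_instance_interval = 259200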
If you set `reclaim_instance_interval` to 4 hours and an instance is deleted just after this task has run, it can take up to 8 hours before it is actually removed: at the next run the instance hasn't been in the `SOFT_DELETED` state for the full 4 hours yet, so it is skipped until the run after that. In practice this won't matter very often.

You need to deploy this change to `nova.conf` on all your `nova-compute` servers and on the nodes where the other nova services (`nova-api`, `scheduler`, `conductor`, etc.) run. Restart the services afterwards.

### Testing

After you've enabled soft-delete, create an instance (`nova boot`), attach a volume and make sure it boots:

    $ nova show 905b8228-6a0b-48ec-a7e6-e2e7b7460004
    +--------------------------------------+----------------------------------------------------------------------------------------------------+
    | Property | Value |
    +--------------------------------------+----------------------------------------------------------------------------------------------------+
    | OS-DCF:diskConfig | MANUAL |
    | OS-EXT-AZ:availability_zone | NL1 |
    | OS-EXT-SRV-ATTR:host | compute-3-7 |
    | OS-EXT-SRV-ATTR:hypervisor_hostname | compute-3-7 |
    | OS-EXT-SRV-ATTR:instance_name | instance-00044243 |
    | OS-EXT-STS:power_state | 1 |
    | OS-EXT-STS:task_state | - |
    | OS-EXT-STS:vm_state | active |
    | OS-SRV-USG:launched_at | 2017-03-18T10:21:25.000000 |
    | OS-SRV-USG:terminated_at | - |
    | accessIPv4 | |
    | accessIPv6 | |
    | config_drive | |
    | created | 2017-03-18T10:20:46Z |
    | flavor | Tiny (199) |
    | hostId | 3d7ed510fb3dfa987e7eb7ae6f70106917a5feb57fe56ef740a1d9ed |
    | id | 905b8228-6a0b-48ec-a7e6-e2e7b7460004 |
    | image | CloudVPS Ubuntu 16.04 (cda1773d-064c-4750-9c41-081467fc6575) |
    | metadata | {} |
    | name | test-delete |
    | net-public network | 185.3.210.299 |
    | os-extended-volumes:volumes_attached | [{"id": "6a664e03-46bf-4f7b-9eb7-14d16d305a6d"}] |
    | progress | 0 |
    | security_groups | built-in-allow-icmp, built-in-allow-web, built-in-provider-access, built-in-remote-access, default |
    | status | ACTIVE |
    | updated | 2017-03-18T10:21:25Z |
    +--------------------------------------+----------------------------------------------------------------------------------------------------+

Delete the instance:

    $ nova delete 905b8228-6a0b-48ec-a7e6-e2e7b7460004
    Request to delete server 905b8228-6a0b-48ec-a7e6-e2e7b7460004 has been accepted.
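As mentioned above, a plain `nova list` no longer shows the instance at this point. If you have admin credentials and forgot to note the UUID, newer versions of the nova client have a `--deleted` flag for `nova list` that should list it (an assumption on my part about your client version and policy; check `nova help list` first):

    $ nova list --deleted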
A `nova show` will now show the instance as SOFT_DELETED:

    $ nova show 905b8228-6a0b-48ec-a7e6-e2e7b7460004
    +--------------------------------------+----------------------------------------------------------------------------------------------------+
    | Property | Value |
    +--------------------------------------+----------------------------------------------------------------------------------------------------+
    | OS-DCF:diskConfig | MANUAL |
    | OS-EXT-AZ:availability_zone | NL1 |
    | OS-EXT-SRV-ATTR:host | compute-3-7 |
    | OS-EXT-SRV-ATTR:hypervisor_hostname | compute-3-7 |
    | OS-EXT-SRV-ATTR:instance_name | instance-00044243 |
    | OS-EXT-STS:power_state | 4 |
    | OS-EXT-STS:task_state | - |
    | OS-EXT-STS:vm_state | soft-delete |
    | OS-SRV-USG:launched_at | 2017-03-18T10:21:25.000000 |
    | OS-SRV-USG:terminated_at | - |
    | accessIPv4 | |
    | accessIPv6 | |
    | config_drive | |
    | created | 2017-03-18T10:20:46Z |
    | flavor | Tiny (199) |
    | hostId | 3d7ed510fb3dfa987e7eb7ae6f70106917a5feb57fe56ef740a1d9ed |
    | id | 905b8228-6a0b-48ec-a7e6-e2e7b7460004 |
    | image | CloudVPS Ubuntu 16.04 (cda1773d-064c-4750-9c41-081467fc6575) |
    | key_name | Remy |
    | metadata | {} |
    | name | test-delete |
    | net-public network | 185.3.210.227 |
    | os-extended-volumes:volumes_attached | [{"id": "6a664e03-46bf-4f7b-9eb7-14d16d305a6d"}] |
    | security_groups | built-in-allow-icmp, built-in-allow-web, built-in-provider-access, built-in-remote-access, default |
    | status | SOFT_DELETED |
    | updated | 2017-03-18T10:50:25Z |
    +--------------------------------------+----------------------------------------------------------------------------------------------------+

The volume will still show as attached:

    $ cinder show 6a664e03-46bf-4f7b-9eb7-14d16d305a6d
    +--------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | Property | Value |
    +--------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | attachments | [{'id': '6a664e03-46bf-4f7b-9eb7-14d16d305a6d', 'host_name': None, 'device': '/dev/sdb', 'server_id': '905b8228-6a0b-48ec-a7e6-e2e7b7460004', 'volume_id': '6a664e03-46bf-4f7b-9eb7-14d16d305a6d'}] |
    | availability_zone | NL1 |
    | bootable | false |
    | created_at | 2017-03-18T10:47:14.000000 |
    | description | None |
    | encrypted | False |
    | id | 6a664e03-46bf-4f7b-9eb7-14d16d305a6d |
    | metadata | {'readonly': 'False', 'attached_mode': 'rw'} |
    | name | test-delete |
    | os-vol-host-attr:host | zfs-3-4 |
    | os-vol-mig-status-attr:migstat | None |
    | os-vol-mig-status-attr:name_id | None |
    | size | 8 |
    | snapshot_id | None |
    | source_volid | None |
    | status | in-use |
    | volume_type | None |
    +--------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Horizon and other interfaces will probably show it as well:

![][5]

![][6]

Using the `nova restore` command we can bring back the server:

    $ nova restore 905b8228-6a0b-48ec-a7e6-e2e7b7460004

There is no output. A `nova show` will show the server back in the `ACTIVE` state, and it will boot up as if it had a regular shutdown. Now do this again and await the scheduler.
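If you don't want to wait for the reclaim task while testing, the `nova force-delete` command mentioned earlier skips the `SOFT_DELETED` state and removes the instance immediately (a sketch, using the same UUID as above):

    $ nova force-delete 905b8228-6a0b-48ec-a7e6-e2e7b7460004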
If you then do a `nova show`, the instance should be gone and the volume should be released.

### End user usage

The `nova restore` action is by default not admin-only. If you have the UUID you can restore an instance yourself, provided the public cloud provider has enabled this feature. To test whether it is enabled, just remove a (test) instance and check with `nova show` whether it goes into the `SOFT_DELETED` state. If it does, send the provider a message or ticket asking what the scheduler timeout is, i.e. how long you have to recover an instance.

### Database query to get all soft-deleted instances

If you manage a private cloud and someone calls you to recover their instance, and you have access to the Nova database, you can execute the following query to get all instances in the soft-deleted state, with their UUID. The caller will probably know the instance name, and otherwise a tenant_id helps as well. Then just do a `nova restore` and you're all set:

    SELECT uuid,hostname,project_id FROM nova.instances WHERE vm_state = 'soft-delete';

Example output:

    +--------------------------------------+--------------------+----------------------------------+
    | uuid | hostname | project_id |
    +--------------------------------------+--------------------+----------------------------------+
    | 8b6f7517-8155-463a-a277-e08d5597c1cd | test | c3347bc952eb4904bb922c379beb1932 |
    | 73e6f3bf-e3b8-432f-b6ce-4208f476b8f9 | khjkjhkjhjkhkhkhjk | e80a4d46437446b1b51d57ecc566f9e4 |
    | 169c8696-d831-4331-8a7e-831b1526bbac | jkhjkhkh | 3335ae642c4a42549b7a4489adf98d7c |
    | 8c7a7c1f-bfa9-41cc-8172-9fa190f3ff9d | c7-test | e80a4d46437446b1b51d57ecc566f9e4 |
    | 099b37fa-04f8-4561-a6f4-e5d9d0bd9223 | lkjlkjlkj | e80a4d46437446b1b51d57ecc566f9e4 |
    | 905b8228-6a0b-48ec-a7e6-e2e7b7460004 | test-delete | 3335ae642c4a42549b7a4489adf98d7c |
    +--------------------------------------+--------------------+----------------------------------+
    6 rows in set (0.20 sec)

[1]: https://raymii.org/s/inc/img/ocata-lg.jpg
[2]: https://www.digitalocean.com/?refcode=7435ae6b8212
[3]: https://raymii.org/s/inc/img/cloudscaling_pets_cattle_servers.jpg
[4]: https://github.com/hashicorp/terraform/issues/5104
[5]: https://raymii.org/s/inc/img/soft-delete.png
[6]: https://raymii.org/s/inc/img/soft-delete2.png

---

License: All the text on this website is free as in freedom unless stated otherwise. This means you can use it in any way you want, you can copy it, change it the way you like and republish it, as long as you release the (modified) content under the same license to give others the same freedoms you've got, and place my name and a link to this site with the article as source.

This site uses Google Analytics for statistics and Google Adwords for advertisements. You are tracked and Google knows everything about you. Use an adblocker like ublock-origin if you don't want it.

All the code on this website is licensed under the GNU GPL v3 license unless it is already licensed under a license which does not allow this form of licensing or if another license is stated on that page / in that software:

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.

Just to be clear, the information on this website is meant for educational purposes and you use it at your own risk. I do not take responsibility if you screw something up. Use common sense, do not 'rm -rf /' as root, for example. If you have any questions then do not hesitate to contact me. See https://raymii.org/s/static/About.html for details.