Mirantis Training Blog: User Deletion and User VMs

Jake Girouard - July 9, 2015 -

Welcome to Mirantis Training’s monthly Q&A section. Here we answer questions that we have collected from students within our OpenStack courses over time. If you have a question that you would like a Mirantis technical instructor to answer, feel free to post your comments in the section below. We will do our best to cover your question in next month’s post.

Are users’ VMs automatically deleted when the user is deleted in OpenStack?

No, virtual machines belonging to a particular user are not deleted when that user’s account is deleted in keystone. In fact, very few resources attributed to an individual user are removed when the user is deleted. The reason behind this is that, without a way to restore resources to their original state or validate the decision before execution (through business logic or human intervention), the act of proactively deleting these resources could be incredibly damaging. Since OpenStack is generally intended to be used in a multi-tenant deployment, there’s a high likelihood that the VMs from one user are currently being (or will one day be) used by other users with access to the same project. In addition, there’s always a chance of accidental user deletion, in which case an operator would hope for a way to re-create the user and return ownership of those resources.

Having said all that, the OpenStack development community is aware of the need to “clean up” resources deployed by a user after that user is intentionally removed. There are related blueprints and bugs detailing the efforts and considerations; for instance in Horizon and Neutron (additional blueprints for Neutron). These conversations only begin to touch the surface of this complicated problem, as there are potentially multiple different types of resources that could be tied to a user and many different ways to measure whether or not resources are still in use. Considering the fact that, in a simple environment, a user could provision several networks via Neutron, block storage devices via Cinder, virtual machines via Nova and object stores via Swift, unplanned removal of all those resources could have disastrous results.

Looking at this from different perspective, this problem could be solved with policies outlined and enforced by the OpenStack “Policy as a Service” project Congress. Based on the Kilo release, there is enough functionality to deliver an after-the-fact cleanup by checking whether the assets can still be accessed by any active accounts, etc.  Additionally, for operators that need to remove resources after account deletion, there are some external “clean up” approaches that are available. For example, CloudWatt has written a client-side script called OSPurge (detailed in this blog post). Although VMs (and other resources) are not automatically cleaned up when a user account is deleted, you can see that there are multiple ways to programmatically remove and reclaim these resources. The best choice among these will be different from one environment to the next, but luckily there are many options available!

If you have additional questions about OpenStack, take a look at the OpenStack courses Mirantis Training offers. Our training is 100% vanilla OpenStack, with no vendor specific versions and/or proprietary implementations. Unlock your OpenStack skills by registering for a course today.

OpenStack Course Comparison
From Virtualization to Containerization
Learn how to move from monolithic to microservices in this free eBook
Download Now
How is Cloud Native Changing the Landscape of Edge and 5G? [Recording]

Late last year, Mirantis hosted a Cloud Native and Coffee panel featuring CTO Adam Parco, Global Field CTO Shaun O’Meara, Director of Technical Marketing Nick Chase, and special guest Darragh Grealish, CTO of 56K Cloud. Below are highlights of the discussion that touch on what edge is and how developers can bring cloud native innovation to edge computing and 5G. …

How is Cloud Native Changing the Landscape of Edge and 5G? [Recording]
Moving to Cloud Native: How to Move Apps from Monolithic to Microservices

Enterprises face the challenge of consistently deploying and managing applications in production, at scale. Fortunately, there are more technologies and tools available today than ever before. However, transitioning from a traditional, monolithic architecture to a cloud native one comes with its own unique challenges. Below, you will find a list of the critical first steps you need to take when …

Moving to Cloud Native: How to Move Apps from Monolithic to Microservices
Mirantis Newsletter - January 2022

Every month, Mirantis sends out a newsletter chronicling top industry and company news. Below you’ll find links to blogs, tutorials, videos, and the latest updates to our enterprise, open source, and training offerings. If you don’t currently receive the newsletter, you can subscribe by clicking the button on the top right. Mirantis Brings Secure Registries to Any Kubernetes Distro Launched earlier this …

Mirantis Newsletter - January 2022
Technical training
Learn Kubernetes & OpenStack from Deployment Experts
Prep for certification!
View schedule
The Definitive Guide to Container Platforms
Manage your cloud-native container environment with Mirantis Container Cloud

Wednesday, January 5 at 10:00 am PST