Like other OpenStack objects, images and snapshots are susceptible to accidental deletion by users. By default, images are unprotected, meaning they can be deleted at any time by a user within a project. The following sections explain how an image can be protected to ensure its survival.
When protecting an image, ensure that you are authenticated as an administrator or are the owner of the image. You will need the following details, at a minimum:
- Image name or ID
For our examples, the following will be used:
- Image name:
COOKBOOK_UBUNTU_IMAGE
With the OpenStack client installed on our system, we are now able to protect an image with the following command:
openstack image set COOKBOOK_UBUNTU_IMAGE --protected
No output is returned if the operation is successful. Use the openstack image show command to reveal the status of the image:
When an image is protected in OpenStack, users are unable to delete the image. Attempting to delete a protected image results in an error similar to the following:
Failed to delete image with name or ID 'COOKBOOK_UBUNTU_IMAGE': 403 Forbidden: Image d120a923-5246-4dca-8f52-51a951bffce5 is protected and cannot be deleted. (HTTP 403) Failed to delete 1 of 1 images.
Protecting an image is a useful step in ensuring that snapshots and other special images remain unharmed in a cloud shared by many users and projects.
When unprotecting an image, ensure that you are authenticated as an administrator or are the owner of the image. You will need the following details, at a minimum:
- Image name or ID
For our examples, the following will be used:
- Image name:
COOKBOOK_UBUNTU_IMAGE