How to enable instance termination protection for OpenStack using terraform?

0
votes

I'm trying to enable instance termination protection using terraform. But did not see any arguments for openstack like what I found for AWS 'disable_api_termination'.

1
openstackterraformterraform-provider-openstack
I haven't touched OpenStack in a long time but does it even have this ability? There's the lock API call which is a little different (doesn't allow any changes to the instance) but that probably wouldn't fit Terraform's model very well and should instead be handled outside of Terraform or via a provisioner. What is it you are trying to achieve here? Would the prevent_destroy configuration help here?ydaetskcoR
We will be provisioning servers in a production environment and may need to prevent those VMs from being deleted accidentally.Ravichandran

1 Answers

0
votes

I think you need a different mechanism to manage that. Terraform doesn't have option to disable termination like it is implemented for AWS. Those options are tailored after the provider APIs. I'm guessing that OpenStack just doesn't have something similar to this behavior.

To prevent some confusion I want to mention that the Terraform's lifecycle documented here won't be of much good in this regard:

https://www.terraform.io/docs/configuration/resources.html#prevent_destroy

It will disallow you to destroy it using 'terraform destroy' and the likes but won't do much in terms of protection coming from the OpenStack provider itself.

I would rather think about solving this problem in the architectural layer. Think about how you call the OpenStack API and how you manage your services. Around those steps you can probably place an additional layer or step that will manage the lifecycle and keep mistakes down to the minimum. Your process is what could protect you better than any tool.