Virtual instance rescue with boot from volume instances

Building on the existing stable disk device rescue spec 1 this spec will introduce support for rescuing boot from volume (BFV) instances and detail the impact this will have on the API.

Problem description

The original instance rescue implementation included a check in the compute API to block any requests to rescue instances where the root BDM is a cinder volume 2. Any such request would be rejected initially by an InstanceNotRescuable exception being raised back to the API that would then result in a 400 error being returned to the caller.

Given the work being carried out as part of the stable disk device rescue spec 1 we are now able to correctly wire up all disks during an instance rescue and as a result can remove this check, accepting requests to rescue BFV instances.

Use Cases

  • Tenant users would like to rescue BFV instances.

Proposed change

The work outlined in the stable disk device rescue spec 1 will already allow Nova to correctly wire up root cinder volumes during a rescue while booting from the rescue device.

The only additional changes required to allow us to remove the current BFV instance check from the compute API are a new compatibility trait, update to _get_rescue_image within the compute manager and a new API microversion.

A new COMPUTE_RESCUE_BFV trait will be introduced to os-traits, allowing a compatibility check within the compute API to ensure the target compute service is capable of rescuing BFV instances.

In the compute manager _get_rescue_image will be extended to attempt to find a reference to the original image when a rescue image is not provided but the instance is BFV. An InstanceNotRescuable exception will be raised if no reference to the original can be found as we can’t boot from the original root disk as a rescue device while also attaching it again to the instance during a rescue.

A new API microversion will be introduced to signal the change in behaviour from the existing rescue implementation where attempts to rescue BFV instances were rejected.



Data model impact


REST API impact

A new microversion will be introduced to signal the change in behaviour from the original implementation. No other changes will be made to the API.

Security impact


Notifications impact


Other end user impact

Users attempting to use this feature will need to opt-in by using the newly introduced microversion or later.

Performance Impact


Other deployer impact


Developer impact


Upgrade impact

The COMPUTE_RESCUE_BFV compatibility trait will be used to ensure the target compute service is capable of performing the requested rescue against a BFV instance within the compute API. If this is not set the existing InstanceNotRescuable exception will be raised back to the API resulting in a 400 error being returned to the caller.

The new microversion or later will be used by callers to opt-in to this new behaviour. If this isn’t provided the original behaviour of rejecting requests to rescue BFV instances will be used.



Primary assignee:


Other contributors:

Feature Liaison


Work Items

  • Complete the initial stable device rescue spec. 1

  • Introduce a new COMPUTE_RESCUE_BFV trait to os-traits

  • Start reporting this trait from Nova’s Libvirt driver.

  • Introduce a new microversion signalling the API behaviour change.

  • Start using the new COMPUTE_RESCUE_BFV trait and microversion in the REST API to determine when to allow the Compute API to rescue a BFV instance.


As highlighted throughout this spec this all requires the initial stable disk device rescue spec 1 to land before this could be implemented.


Tempest and functional tests will be introduced to fully validate this new behaviour.

Documentation Impact

The new microversion will be documented and the existing rescue API documentation updated to reference it.



Virtual instance rescue with stable disk devices


BFV instance compute API check



Release Name