Thomas Lamprecht [Thu, 15 Sep 2016 08:45:15 +0000 (10:45 +0200)]
cleanup backup & mounted locks after recovery (fixes #1100)
This cleans up the backup and mounted locks after a service is
recovered from a failed node, else it may not start if a locked
action occurred during the node failure.
We allow deletion of backup and mounted locks as they are secure
to do so if the node which hosted the locked service is now fenced.
We do not allow snapshot lock deletion as this needs more manual
clean up, also they are normally triggered manually.
Further ignore migration locks for now, we should over think that but
as its a manual triggered action for now it should be OK to not
auto delete it.
We do cannot remove locks via the remove_lock method provided by
PVE::AbstractConfig, as this method is well behaved and does not
allows removing locks from VMs/CTs located on another node. We also
do not want to adapt this method to allow arbitrary lock removing,
independent on which node the config is located, as this could cause
missuse in the future. After all one of our base principles is that
the node owns its VMs/CTs (and there configs) and only the owner
itself may change the status of a VM/CT.
The HA manager needs to be able to change the state of services
when a node failed and is also allowed to do so, but only if the
node is fenced and we need to recover a service from it.
So we (re)implement the remove lock functionality in the resource
plugins.
We call that only if a node was fenced, and only *previous* stealing
the service. After all our implication to remove a lock is that the
owner (the node) is fenced. After stealing it we already changed
owner, and the new owner is *not* fenced and thus our implication
does not hold anymore - the new owner may already do some stuff
with the service (config changes, etc.)
Add the respective log.expect output from the added test to enable
regression testing this issue.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 14 Sep 2016 09:29:43 +0000 (11:29 +0200)]
add possibility to simulate locks from services
In the real PVE2 environment locks can be leftover if a node fails
during an locked action like for example backups.
A left over lock may hinder the service to start on another node,
allow our test environment to simulate such events.
Also add two regression tests without the expected log files.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 14 Sep 2016 09:29:42 +0000 (11:29 +0200)]
remove state transition from error to fence state
Remove the possible transition from error to fence state. The error
state is an end state and mustn't be left by some automatic action
but on manual intervention!
This also allows us later on to place a service which is not
recoverable from the fence in the error state without generating
and endless loop of state changes.
Add a regression test for a failed node with a service in error
state.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 14 Sep 2016 11:50:02 +0000 (13:50 +0200)]
don't regression test when building the simulator package
we did the tests already when building the HA manager package so
if those did not fail the one from the HA manager simulator will
certainly not fail too so do not waste time running them again.
This has the small drawback that if anyone just builds the simulator
package through `make simdeb` the test won't be run at all for the
build package, this is seldom the case and can be worked around -
i.e. just use the all make target or run the tests manual.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 12 Sep 2016 09:28:17 +0000 (11:28 +0200)]
fix race condition on slow resource commands in started state
When we fixed the dangling state machine - where one command request
from the CRM could result in multiple executes of said command by
the LRM - by ensuring in the LRM that UID identified actions get
only started once per UID (except the stop comand) we introduced a
bug which can result in a lost LRM result from an failed service
start.
The reason for this is that we generated a new UID for the started
state every CRM turn, so that a service gets restarted if it
crashes. But as we do this without checking if the LRM has finished
our last request we may loose the result of this last request.
As an example consider the following timeline of events:
1. CRM request start of Service 'ct:100'
2. LRM starts this request, needs a bit longer
3. Before LRM worker finishes the CRM does an iteration and
generates a new UID for this service
4. The LRM worker finishes but cannot write back its result as
the UID doesn't exists anymore in the managers service status.
5. The CRM gets another round and generates a new UID for 'ct:100'
6. The cycle begins again, the LRM always throws away its last
result as the CRM wrongfully generated an new command
This loss of the result is problematic if it was an erroneous one,
because then it result in a malfunction of the failure restart and
relocate policies.
Fix this by checking in the CRM if the last command was processed by
the LRM, so simply check if a $lrm_result exists.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 18 Jul 2016 09:17:49 +0000 (11:17 +0200)]
relocate policy: try to avoid already failed nodes
In the event that the cluster remains stable from the HA view
point (i.e. no LRM failures, no service changes) and a service
with a start error relocate policy configured fails to start
it will cycle between two nodes back and forth, even if other
untried nodes (with a possibility that the service could be
started there) would be available.
The reason for this behavior is that if more than one node is
possible we select the one with the lowest active service count
to minimize cluster impact a bit.
As a start of a service failed on a node a short time ago it
probably will also fail the next try (e.g. storage is offline),
whereas an untried node may have the chance to be fully
able to start the service, which is our goal.
Fix that by excluding those already tried nodes from the top
priority node list in 'select_service_node' if there are other
possible nodes to try, we do that by giving select_service_node
a array of the already tried nodes, those then get deleted from the
selected top priority group.
If there is no node left after that we retry on the current node and
hope that another node becomes available.
While not ideal this a situation caused by the user with a high
probability as our default start error relocation setting is one
relocate try.
If all tries fail we place the service in the error state, the
tried nodes entry gets cleanup after an user triggers an error
recovery by disabling the service, so the information of the tried
nodes stays in the manager status until then.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 18 Jul 2016 09:17:48 +0000 (11:17 +0200)]
Manager: record tried node on relocation policy
Instead of counting up an integer on each failed start trial, record
the already tried nodes. We can then use the size of the tried nodes
record array as 'try count' and achieve so the same behaviour as with
the 'relocate_trial' hash earlier.
Log the tried nodes after the service started or if it could not be
started at all, so an admin can follow the behaviour and investigate
the reason of the failure on a specific node.
This prepares us also for a more intelligent recovery node selection,
as we can skip already tried nodes from the current recovery cycle.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 18 Jul 2016 09:17:47 +0000 (11:17 +0200)]
cleanup manager status on start
Cleanup the manager state in a general way if we get promoted to
manager. This safes us code as instead of having to check all
deprecated entries and delete them, each one extra, we just safe the
state part needed to change master without loosing any result of the
manager status and just delete the rest.
This would include the following keys:
* service status: as it may contain unprocessed results
* manager_node: this is set only once before this cleanup so do not
delete it.
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 14 Jul 2016 12:41:53 +0000 (14:41 +0200)]
FenceConfig: assert that device priorities are unique
Each device priority must be unique to guarantee a deterministic
execution of the configured devices.
Else we cannot decide in which order we should write the devices to
the config file.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 14 Jul 2016 12:41:50 +0000 (14:41 +0200)]
add parser self check regression test
This test does a read -> write -> read cycle and then checks if the
config generated from the first read and the config generated from
the second read are equivalent (semantically).
This tests mainly the FenceConfig::write_config method, the
parse_config method gets checked with the already implemented config
regression tests.
To compare both configs we add a deep object compare method,
it can compare Objects with arbitrary nested data structures from the
types: hash, array and scalar.
It makes an depth first search with some early abortion checks on
the roots of subtrees (i.e. is the length and type the same).
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 30 Jun 2016 10:57:39 +0000 (12:57 +0200)]
Fence: rewrite class
A rather big cleanup of parts I already had in a separate branch and
new changes which arose from further testing and evaluating the
current code.
The class is currently not used and thus the rewrite should not be
problematic, I also tested it with my HW fencing branch and it still
works as previously.
Changes:
* add constructor and safe state in class object instead of global
vars
* check_jobs was now split up in collect_finished_workers (which may
be later factored out as LRM uses a similar worker implementation)
and in check_worker_results.
* change method name from start_fencing to run_fence_jobs, it will
check the active workers if the node has already a fence job
deployed or else start fencing for this node
* fix bugs in process_fencing where if multiple parallel device
succeeded at once only one was counted
* restrict waitpid to fence_job worker pids (instead of -1) else
we could get some pretty nasty side effects
* remove 'reset_hard', 'reset' and 'bailout', they are replaced by
kill_and_cleanup_jobs
* some comment and formatting changes
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 15 Jun 2016 15:59:01 +0000 (17:59 +0200)]
send email on fence failure and success
Fencing is something which should not happen often in the real world
and has most time a really bad cause, thus send a email when
starting to fence a node and on success to root@localhost to inform
the cluster admin of said failures so he can check the hardware and
cluster status as soon as possible.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 15 Jun 2016 15:58:58 +0000 (17:58 +0200)]
Manager, LRM: sort service keys for deterministic tests
Else we the regression test produce a indeterministic output.
As the hashs would else be traversed in random order it makes no
real difference for the PVE2 environment, so just sort keys when we
add them to the cluster or spawn resource agent workers to avoid
that problem.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
use correct verify function for ha-group-node-list
We use pve_verify_nodename but we expect here a value with the
syntax: nodename[:priority]
So if someone used the optional priority this failed unecessarily.
select_service_node in the Manager class expects this value and
splits it itself into nodename and priority so we can just return
it if it matches the ha-group-node-list format.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
selcet_service_node: include all online nodes in default group
This changes the behaviour of selecting the node a service should
run on when try_next is true.
If no group is set all online nodes will be used as default group.
If the user sets a group this has no changes in behaviour.
If no group is set and the current_node is available and try_next
is false this has also no changes, it behaves the same as in the
past.
If we set try_next and the service has no group set this allows
a new node to be selected if possible. Fixes the relocation policy
on services with no group set, which else will never be relocated
to another group.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Test mainly the behaviour of the select_service_node method when
the service is in no group and the try_next parameter is true,
this happens when the relocate policy is executed.
has no log.expected yet
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Fixes an infinite hang on updating or restarting a nodes LRM when a
service within the error state is located on it.
We fix that by not counting those services towards the "active
service count" as an service in an error state is *not* managed by
HA, thus also not active.
As we use the active service count in three places this change has
the following effects:
* when determining if we should try to acquire our agent_lock and
make the state transition from wait_for_agent_lock => active. Here
its safe as we cannot do anything with the erroneous states anyhow,
and as the only way to move out from error state is disabling the
service (thus marking it as stopped) has the result that it still
is not counted as active, as we skip stopped also, so this is safe
and also wanted.
* when restarting the LRM to see if it has frozen all active
services and thus it's allowed to finish the restart. This is the
primary intent of this patch as it allows the LRM to restart safely
witouth hanging forever (and then be killed by systemd which results
in a watchdog node reset).
* when shutting down a LRM in lost_agent_lock state, here it has the
effect that with this patch the node won't get shot by its watchdog
if it has erroneous services but not active ones, this is not only
save but wanted. It makes no sense letting the watchdog trigger when
we have no active services besides the one in the error state, as
when restarting it does not make anything better (error services
won't get touched after all).
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
fix relocate/restart trial count leak on service deletion
If a service gets remove from HA remove also its relocate and
restart trial count from LRM status and manager_status, else it
never gets deleted (leak).
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 16 Mar 2016 12:01:28 +0000 (13:01 +0100)]
add Fence class for external fence devices
This class provides methods for starting and checking the current
status of a fence job.
When a fence job is started we execute a fence agent command.
If we can fork this happens in forked worker, which can be multiple
processes also, when parallel devices are configured.
When a device fails to successfully fence a node we try the next
device configured, or if no device is left we tell the CRM and let
him decide what to do.
If one process of a parallel device fails we kill the remaining
processes (with reset_hard) and try the next device as we want to
avoid a partial fenced node.
The current running fence jobs can be picked up (if env. allows
forking) and processed by calling the process_fencing method.
If the CRM (which should handle the fencing) looses its lock
bail_out can be called to kill all currently running fencing
processes and reset the fencing status of all nodes.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 16 Mar 2016 12:01:27 +0000 (13:01 +0100)]
Env, HW: add HW fencing related functions
This adds three methods to hardware fencing related functions:
* read_fence_config
* fencing_mode
* exec_fence_agent
'read_fence_config' allows to create a common code base between the
real world and the test/sim world regarding fencing a bit easier.
In PVE2 it parses the config from /etc/pve/ha/fence.cfg and in
the Sim method it parses the config from testdir/status/fence.cfg.
The 'fencing_mode' method checks respective to the callee's
environment if hardware fencing is enabled and returns the wanted
mode:
* PVE2: if the datacenter.cfg key 'fencing' is set then it will be
used, else we use 'watchdog' as default.
* Sim: if the cfg exist and at least one device is configured we use
'hardware' fencing, else we default to 'watchdog'.
For the simulator we should make also a option to turn HW fencing
off and on independent if devices are configured when we implement
HW fencing for it, but that is not really needed for now.
'exec_fence_agent' executes, as the name suggests, environment
specific a fence agent.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 15 Mar 2016 11:40:51 +0000 (12:40 +0100)]
status: show added but not yet active services
If the CRM is dead or not active yet and we add a new service, we do
not see it in the HA status. This can be confusing for the user as
it is queued for adding but does not shows up, so lets show those
services also.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 15 Mar 2016 07:44:28 +0000 (08:44 +0100)]
add FenceConfig class for external fencing devices
Add a FenceConfig class which includes methods to parse a config
file for fence devices in the format specified by dlm.conf, see the
Fencing section in the dlm.conf manpage for more details regarding
this format.
With this we can generate commands for fencing a node from the
parsed config file.
We assume that the fence config resides in the pve cluster fs under
/etc/pve/ha/fence_devices.cfg for the PVE2 environment.
But we can give parse_config and arbitary raw string, this allows
to use fencing also in (regression) tests and simultaion.
A simple regression testing script for the config generation was
also added. This test mainly the parse_config and get_commands
methods. A config file can be passed as argument, else we cycle
through the *.cfg files in the fence_cfgs folder.
Example configs for regression testing are located in
src/test/fence_cfgs directory
Note that not all files are valid examples as some are used to check
the error handling of the parser!
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 24 Feb 2016 07:33:59 +0000 (08:33 +0100)]
fix infinite started <=> migrate cycle
If we get an 'EWRONG_NODE' error from the migration we have no sane
way out. If we place it then in the started state we also get the
'EWRONG_NODE' error again and it even will place the service in
the migration state again (when it's not restricted by a group) and
thus result in an infinite started <=> migrate cycle.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 24 Feb 2016 09:06:52 +0000 (10:06 +0100)]
avoid out of sync command execution in LRM
We are only allowed to execute any command once as else we
may disturb the synchrony between CRM and LRM.
The following scenario could happen:
schedule CRM: deploy task 'migrate' for service vm:100 with UID 1234
schedule LRM: fork task wit UID 123
schedule CRM: idle as no result available yet
schedule LRM: collect finished task UID and write result for CRM
Result was an error
schedule LRM: fork task UID _AGAIN_
schedule CRM: processes _previous_ erroneous result from LRM
and place vm:100 in started state on source node
schedule LRM: collect finished task UID and write result for CRM
This time the task was successful and service is on
target node, but the CRM know _nothing_ of it!
schedule LRM: try to schedule task but service is not on this node!
=> error
To fix that we _never_ execute two exactly same commands after each
other, exactly means here that the UID of the actual command to
queue is already a valid result.
This enforces the originally wanted SYN - ACK behaviour between CRM
and LRMs.
We generate now a new UID for services who does not change state
the one of the following evaluates to true:
* enabled AND in started state
This ensures that the state from the CRM holds in the LRM and thus,
for example, a killed VM gets restarted.
Note that the 'stopped' command is an exception, as we do not check
its result in the CRM (thus no race here) and we always want to
execute it (even when no CRM is active).
Thomas Lamprecht [Fri, 19 Feb 2016 17:41:03 +0000 (18:41 +0100)]
fix 'uninitialized value' on online node usage computation
This fixes a bug introduced by commit 9da84a0 which set the wrong
hash when a disabled service got a migrate/relocate command.
We set "node => $target", while our state machine could handle that
we got some "uninitialized value" warnings when migrating a disabled
service to an inactive LRM. Better set "target => $target"
Further add a test for this scenario.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Fri, 12 Feb 2016 15:14:54 +0000 (16:14 +0100)]
fix 'change_service_location' misuse and recovery from fencing
First rename the change_service_location method from the environment
to an more fitting name, 'steal_service'.
The 'change_service_location' from the virtual hardware class stays
at it is, because there the name fits (those function have not the
same meaning, so it's good that they named different now).
As we misused the config steal method (former
change_service_location) in the stopped state to process the
services from fenced nodes we need another way now.
This is achieved through the private method 'recover_fenced_service'
which is now the only place who has the right to steal a service
from an node.
When a node was successfully fenced we no longer change its services
state to 'stopped', rather we drop that hack and search a new node
in 'recover_fenced_service', if found we the steal the service and
move it to from the fenced to the new (recovery) node and place it
there in the 'started' state, after that the state machine is able
to handle the rest.
If we do not find a node we try again next round as that is better
then placing it in the error state, because so we have still a
chance to recover, which we do not have with the error state.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 10 Feb 2016 13:13:44 +0000 (14:13 +0100)]
add VirtFail resource and use it in new regression tests
This resource let us test a defined failiure behaviour ofi services.
Through the VMID we define how it should behave, with the folowing
rules:
When the service has the SID "fa:abcde" the digits a - e mean:
a - no meaning but can be used for differentiating similar resources
b - how many tries are needed to start correctly (0=default)
c - how many tries are needed to migrate correctly (0=default)
d - should shutdown be successful (0 = yes, anything else no)
e - return value of $plugin->exists() defaults to 1 if not set
a,b,c should always be set even if b and c have defaults (makes test
purpose clearer)
d and e
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dietmar Maurer [Wed, 10 Feb 2016 06:20:05 +0000 (07:20 +0100)]
improve verbosity of API status call
Display the state of a LRM when it is not in the "active" state
and has some service configured.
This should reduce confiusion when the LRM is active but still has
to wait for its lock. In such a case the user only sees that it's
active and could think it's malfunctioning because no action
happens.
Also displays the LRM mode, so that we can see when we restart the LRM.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
Remove the "service_config_exists" method from the Environment class
and replace it with a new method in PVE::HA::Tools.
First we do not need this method in the Environment class and second
this can be reused more for checking if a note has any service
configured.
This moves the regression test also a little closer to the real
world behaviour (while maintaining determinism).
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Fix postinstall script not removing watchdog-mux.socket
watchdog-mux.socket was removed in f8a3fc80af but the
postinstall script used -e instead of -L to test for the
symlink, which fails since the destination is already
removed at that point.
Thomas Lamprecht [Wed, 27 Jan 2016 12:16:35 +0000 (13:16 +0100)]
move upid_wait from PVE2 env to HA::Tools
We can now use the new wait_upid from PVE::Tools and we output a
"Task still active" every five seconds instead of every second,
so we trash the log less.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 27 Jan 2016 12:16:34 +0000 (13:16 +0100)]
fix check if a resource migrated correctly
Move the check from exec_resource_agents to the migrate method of
the resource plugins so that we may delete the traces from the
additional method 'is_on_node' which was intended for this
purpose.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 27 Jan 2016 12:16:33 +0000 (13:16 +0100)]
add after_fork method to HA environment and use it in LRM
As both the realtime simulator and the real world Environment can
fork but we only need to clean up after a fork in the real world
introduce a after_fork method
In PVE2 it closes the inherited INotify fd and reopens it for the
worker.
Also a cfs_update gets triggered as (other) workers may change the
cluster state.
also use the new introduction HA-Env method to clean up after
we forked an LRM worker.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Fri, 22 Jan 2016 16:06:42 +0000 (17:06 +0100)]
Move exec_resource_agent from environment classes to LRM
With the changes and preparation work from the previous commits
we can now move the quite important method exec_resource_agent
from the Env classes to the LRM where it get's called.
The main advantage of this is that it now underlies regression
tests and that we do not have two separate methods where it
- does not make sense as agents them self should be virtualized
not the method executing them
- adds more work as the must (or at least should) be in sync
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Fri, 22 Jan 2016 16:06:39 +0000 (17:06 +0100)]
Add virtual resources for tests and simulation
Introduce a base class for Virtual Resources with almost all methods
already implemented.
Also add a class for virtual CTs and VMs, with the primary
distinction that CTs may not migrate online.
The Resource are registered in the Hardware class and overwrite
any already registered resources from the same type (e.g. VirtVM
overwrites PVEVM) so that the correct plugins are loaded for
regression tests and the simulator.
This makes the way free for adding(deterministic) 'malicious'
resources, so we can make test where, for example, a service fails
a few times to start or migrate.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 18 Jan 2016 10:35:20 +0000 (11:35 +0100)]
LRM: release lock also on restart
Wen restarting the LRM (e.g. on a update) we get an new pid and thus
have to wait for our own lock to timeout.
We can (and should) do that as there are no services or all services
are freezed. If they are freezed only our LRM may touch them so we
we can unfreeze them faster with this patch.
The expected log of the restart-lrm test does not change much as the
test system does not need to wait for a timeout.
This let's the LRM start working directly after a restart,
especially usefull on package updates.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 18 Jan 2016 09:26:45 +0000 (10:26 +0100)]
TestHardware: correct shutdown/reboot behaviour of CRM and LRM
Instead of shutting down the LRM and then killing the CRM we now
also make a shutdown request to the CRM, that mirrors the real world
behaviour much better and let's us also test the lock release from
the CRM.
To accomplish this we add new sim_hardware commands for stopping and
starting the CRM.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
projects / pve-ha-manager.git / log