]> git.proxmox.com Git - qemu-server.git/blob - PVE/QemuMigrate.pm
projects / qemu-server.git / blob
? search:


600eeb7f74acd5fafae8feb45a53b1bad9546b6a
[qemu-server.git] / PVE / QemuMigrate.pm
1 package PVE::QemuMigrate;
2
3 use strict;
4 use warnings;
5
6 use IO::File;
7 use IPC::Open2;
8 use Time::HiRes qw( usleep );
9
10 use PVE::Cluster;
11 use PVE::Format qw(render_bytes);
12 use PVE::GuestHelpers qw(safe_boolean_ne safe_string_ne);
13 use PVE::INotify;
14 use PVE::RPCEnvironment;
15 use PVE::Replication;
16 use PVE::ReplicationConfig;
17 use PVE::ReplicationState;
18 use PVE::Storage;
19 use PVE::StorageTunnel;
20 use PVE::Tools;
21 use PVE::Tunnel;
22
23 use PVE::QemuConfig;
24 use PVE::QemuServer::CPUConfig;
25 use PVE::QemuServer::Drive;
26 use PVE::QemuServer::Helpers qw(min_version);
27 use PVE::QemuServer::Machine;
28 use PVE::QemuServer::Monitor qw(mon_cmd);
29 use PVE::QemuServer;
30
31 use PVE::AbstractMigrate;
32 use base qw(PVE::AbstractMigrate);
33
34 # compared against remote end's minimum version
35 our $WS_TUNNEL_VERSION = 2;
36
37 sub fork_tunnel {
38 my ($self, $ssh_forward_info) = @_;
39
40 my $cmd = ['/usr/sbin/qm', 'mtunnel'];
41 my $log = sub {
42 my ($level, $msg) = @_;
43 $self->log($level, $msg);
44 };
45
46 return PVE::Tunnel::fork_ssh_tunnel($self->{rem_ssh}, $cmd, $ssh_forward_info, $log);
47 }
48
49 sub fork_websocket_tunnel {
50 my ($self, $storages, $bridges) = @_;
51
52 my $remote = $self->{opts}->{remote};
53 my $conn = $remote->{conn};
54
55 my $log = sub {
56 my ($level, $msg) = @_;
57 $self->log($level, $msg);
58 };
59
60 my $websocket_url = "https://$conn->{host}:$conn->{port}/api2/json/nodes/$self->{node}/qemu/$remote->{vmid}/mtunnelwebsocket";
61 my $url = "/nodes/$self->{node}/qemu/$remote->{vmid}/mtunnel";
62
63 my $tunnel_params = {
64 url => $websocket_url,
65 };
66
67 my $storage_list = join(',', keys %$storages);
68 my $bridge_list = join(',', keys %$bridges);
69
70 my $req_params = {
71 storages => $storage_list,
72 bridges => $bridge_list,
73 };
74
75 return PVE::Tunnel::fork_websocket_tunnel($conn, $url, $req_params, $tunnel_params, $log);
76 }
77
78 # tunnel_info:
79 # proto: unix (secure) or tcp (insecure/legacy compat)
80 # addr: IP or UNIX socket path
81 # port: optional TCP port
82 # unix_sockets: additional UNIX socket paths to forward
83 sub start_remote_tunnel {
84 my ($self, $tunnel_info) = @_;
85
86 my $nodename = PVE::INotify::nodename();
87 my $migration_type = $self->{opts}->{migration_type};
88
89 if ($migration_type eq 'secure') {
90
91 if ($tunnel_info->{proto} eq 'unix') {
92 my $ssh_forward_info = [];
93
94 my $unix_sockets = [ keys %{$tunnel_info->{unix_sockets}} ];
95 push @$unix_sockets, $tunnel_info->{addr};
96 for my $sock (@$unix_sockets) {
97 push @$ssh_forward_info, "$sock:$sock";
98 unlink $sock;
99 }
100
101 $self->{tunnel} = $self->fork_tunnel($ssh_forward_info);
102
103 my $unix_socket_try = 0; # wait for the socket to become ready
104 while ($unix_socket_try <= 100) {
105 $unix_socket_try++;
106 my $available = 0;
107 foreach my $sock (@$unix_sockets) {
108 if (-S $sock) {
109 $available++;
110 }
111 }
112
113 if ($available == @$unix_sockets) {
114 last;
115 }
116
117 usleep(50000);
118 }
119 if ($unix_socket_try > 100) {
120 $self->{errors} = 1;
121 PVE::Tunnel::finish_tunnel($self->{tunnel});
122 die "Timeout, migration socket $tunnel_info->{addr} did not get ready";
123 }
124 $self->{tunnel}->{unix_sockets} = $unix_sockets if (@$unix_sockets);
125
126 } elsif ($tunnel_info->{proto} eq 'tcp') {
127 my $ssh_forward_info = [];
128 if ($tunnel_info->{addr} eq "localhost") {
129 # for backwards compatibility with older qemu-server versions
130 my $pfamily = PVE::Tools::get_host_address_family($nodename);
131 my $lport = PVE::Tools::next_migrate_port($pfamily);
132 push @$ssh_forward_info, "$lport:localhost:$tunnel_info->{port}";
133 }
134
135 $self->{tunnel} = $self->fork_tunnel($ssh_forward_info);
136
137 } else {
138 die "unsupported protocol in migration URI: $tunnel_info->{proto}\n";
139 }
140 } else {
141 #fork tunnel for insecure migration, to send faster commands like resume
142 $self->{tunnel} = $self->fork_tunnel();
143 }
144 }
145
146 sub lock_vm {
147 my ($self, $vmid, $code, @param) = @_;
148
149 return PVE::QemuConfig->lock_config($vmid, $code, @param);
150 }
151
152 sub target_storage_check_available {
153 my ($self, $storecfg, $targetsid, $volid) = @_;
154
155 if (!$self->{opts}->{remote}) {
156 # check if storage is available on target node
157 my $target_scfg = PVE::Storage::storage_check_enabled(
158 $storecfg,
159 $targetsid,
160 $self->{node},
161 );
162 my ($vtype) = PVE::Storage::parse_volname($storecfg, $volid);
163 die "$volid: content type '$vtype' is not available on storage '$targetsid'\n"
164 if !$target_scfg->{content}->{$vtype};
165 }
166 }
167
168 sub prepare {
169 my ($self, $vmid) = @_;
170
171 my $online = $self->{opts}->{online};
172
173 my $storecfg = $self->{storecfg} = PVE::Storage::config();
174
175 # test if VM exists
176 my $conf = $self->{vmconf} = PVE::QemuConfig->load_config($vmid);
177
178 my $version = PVE::QemuServer::Helpers::get_node_pvecfg_version($self->{node});
179 my $cloudinit_config = $conf->{cloudinit};
180
181 if (
182 PVE::QemuConfig->has_cloudinit($conf) && defined($cloudinit_config)
183 && scalar(keys %$cloudinit_config) > 0
184 && !PVE::QemuServer::Helpers::pvecfg_min_version($version, 7, 2, 13)
185 ) {
186 die "target node is too old (manager <= 7.2-13) and doesn't support new cloudinit section\n";
187 }
188
189 my $repl_conf = PVE::ReplicationConfig->new();
190 $self->{replication_jobcfg} = $repl_conf->find_local_replication_job($vmid, $self->{node});
191 $self->{is_replicated} = $repl_conf->check_for_existing_jobs($vmid, 1);
192
193 if ($self->{replication_jobcfg} && defined($self->{replication_jobcfg}->{remove_job})) {
194 die "refusing to migrate replicated VM whose replication job is marked for removal\n";
195 }
196
197 PVE::QemuConfig->check_lock($conf);
198
199 my $running = 0;
200 if (my $pid = PVE::QemuServer::check_running($vmid)) {
201 die "can't migrate running VM without --online\n" if !$online;
202 $running = $pid;
203
204 if ($self->{is_replicated} && !$self->{replication_jobcfg}) {
205 if ($self->{opts}->{force}) {
206 $self->log('warn', "WARNING: Node '$self->{node}' is not a replication target. Existing " .
207 "replication jobs will fail after migration!\n");
208 } else {
209 die "Cannot live-migrate replicated VM to node '$self->{node}' - not a replication " .
210 "target. Use 'force' to override.\n";
211 }
212 }
213
214 $self->{forcemachine} = PVE::QemuServer::Machine::qemu_machine_pxe($vmid, $conf);
215
216 # To support custom CPU types, we keep QEMU's "-cpu" parameter intact.
217 # Since the parameter itself contains no reference to a custom model,
218 # this makes migration independent of changes to "cpu-models.conf".
219 if ($conf->{cpu}) {
220 my $cpuconf = PVE::JSONSchema::parse_property_string('pve-cpu-conf', $conf->{cpu});
221 if ($cpuconf && PVE::QemuServer::CPUConfig::is_custom_model($cpuconf->{cputype})) {
222 $self->{forcecpu} = PVE::QemuServer::CPUConfig::get_cpu_from_running_vm($pid);
223 }
224 }
225
226 $self->{vm_was_paused} = 1 if PVE::QemuServer::vm_is_paused($vmid);
227 }
228
229 my ($loc_res, $mapped_res, $missing_mappings_by_node) = PVE::QemuServer::check_local_resources($conf, 1);
230 my $blocking_resources = [];
231 for my $res ($loc_res->@*) {
232 if (!grep($res, $mapped_res->@*)) {
233 push $blocking_resources->@*, $res;
234 }
235 }
236 if (scalar($blocking_resources->@*)) {
237 if ($self->{running} || !$self->{opts}->{force}) {
238 die "can't migrate VM which uses local devices: " . join(", ", $blocking_resources->@*) . "\n";
239 } else {
240 $self->log('info', "migrating VM which uses local devices");
241 }
242 }
243
244 if (scalar($mapped_res->@*)) {
245 my $missing_mappings = $missing_mappings_by_node->{$self->{node}};
246 if ($running) {
247 die "can't migrate running VM which uses mapped devices: " . join(", ", $mapped_res->@*) . "\n";
248 } elsif (scalar($missing_mappings->@*)) {
249 die "can't migrate to '$self->{node}': missing mapped devices " . join(", ", $missing_mappings->@*) . "\n";
250 } else {
251 $self->log('info', "migrating VM which uses mapped local devices");
252 }
253 }
254
255 my $vollist = PVE::QemuServer::get_vm_volumes($conf);
256
257 my $storages = {};
258 foreach my $volid (@$vollist) {
259 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
260
261 # check if storage is available on source node
262 my $scfg = PVE::Storage::storage_check_enabled($storecfg, $sid);
263
264 my $targetsid = $sid;
265 # NOTE: local ignores shared mappings, remote maps them
266 if (!$scfg->{shared} || $self->{opts}->{remote}) {
267 $targetsid = PVE::JSONSchema::map_id($self->{opts}->{storagemap}, $sid);
268 }
269
270 $storages->{$targetsid} = 1;
271
272 $self->target_storage_check_available($storecfg, $targetsid, $volid);
273
274 if ($scfg->{shared}) {
275 # PVE::Storage::activate_storage checks this for non-shared storages
276 my $plugin = PVE::Storage::Plugin->lookup($scfg->{type});
277 warn "Used shared storage '$sid' is not online on source node!\n"
278 if !$plugin->check_connection($sid, $scfg);
279 }
280 }
281
282 if ($self->{opts}->{remote}) {
283 # test & establish websocket connection
284 my $bridges = map_bridges($conf, $self->{opts}->{bridgemap}, 1);
285 my $tunnel = $self->fork_websocket_tunnel($storages, $bridges);
286 my $min_version = $tunnel->{version} - $tunnel->{age};
287 $self->log('info', "local WS tunnel version: $WS_TUNNEL_VERSION");
288 $self->log('info', "remote WS tunnel version: $tunnel->{version}");
289 $self->log('info', "minimum required WS tunnel version: $min_version");
290 die "Remote tunnel endpoint not compatible, upgrade required\n"
291 if $WS_TUNNEL_VERSION < $min_version;
292 die "Remote tunnel endpoint too old, upgrade required\n"
293 if $WS_TUNNEL_VERSION > $tunnel->{version};
294
295 print "websocket tunnel started\n";
296 $self->{tunnel} = $tunnel;
297 } else {
298 # test ssh connection
299 my $cmd = [ @{$self->{rem_ssh}}, '/bin/true' ];
300 eval { $self->cmd_quiet($cmd); };
301 die "Can't connect to destination address using public key\n" if $@;
302 }
303
304 return $running;
305 }
306
307 sub scan_local_volumes {
308 my ($self, $vmid) = @_;
309
310 my $conf = $self->{vmconf};
311
312 # local volumes which have been copied
313 # and their old_id => new_id pairs
314 $self->{volume_map} = {};
315 $self->{local_volumes} = {};
316
317 my $storecfg = $self->{storecfg};
318 eval {
319
320 # found local volumes and their origin
321 my $local_volumes = $self->{local_volumes};
322 my $local_volumes_errors = {};
323 my $other_errors = [];
324 my $abort = 0;
325
326 my $log_error = sub {
327 my ($msg, $volid) = @_;
328
329 if (defined($volid)) {
330 $local_volumes_errors->{$volid} = $msg;
331 } else {
332 push @$other_errors, $msg;
333 }
334 $abort = 1;
335 };
336
337 my @sids = PVE::Storage::storage_ids($storecfg);
338 foreach my $storeid (@sids) {
339 my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
340 next if $scfg->{shared} && !$self->{opts}->{remote};
341 next if !PVE::Storage::storage_check_enabled($storecfg, $storeid, undef, 1);
342
343 # get list from PVE::Storage (for unused volumes)
344 my $dl = PVE::Storage::vdisk_list($storecfg, $storeid, $vmid, undef, 'images');
345
346 next if @{$dl->{$storeid}} == 0;
347
348 my $targetsid = PVE::JSONSchema::map_id($self->{opts}->{storagemap}, $storeid);
349 if (!$self->{opts}->{remote}) {
350 # check if storage is available on target node
351 my $target_scfg = PVE::Storage::storage_check_enabled(
352 $storecfg,
353 $targetsid,
354 $self->{node},
355 );
356
357 die "content type 'images' is not available on storage '$targetsid'\n"
358 if !$target_scfg->{content}->{images};
359
360 }
361
362 my $bwlimit = $self->get_bwlimit($storeid, $targetsid);
363
364 PVE::Storage::foreach_volid($dl, sub {
365 my ($volid, $sid, $volinfo) = @_;
366
367 $local_volumes->{$volid}->{ref} = 'storage';
368 $local_volumes->{$volid}->{size} = $volinfo->{size};
369 $local_volumes->{$volid}->{targetsid} = $targetsid;
370 $local_volumes->{$volid}->{bwlimit} = $bwlimit;
371
372 # If with_snapshots is not set for storage migrate, it tries to use
373 # a raw+size stream, but on-the-fly conversion from qcow2 to raw+size
374 # back to qcow2 is currently not possible.
375 $local_volumes->{$volid}->{snapshots} = ($volinfo->{format} =~ /^(?:qcow2|vmdk)$/);
376 $local_volumes->{$volid}->{format} = $volinfo->{format};
377 });
378 }
379
380 my $replicatable_volumes = !$self->{replication_jobcfg} ? {}
381 : PVE::QemuConfig->get_replicatable_volumes($storecfg, $vmid, $conf, 0, 1);
382 foreach my $volid (keys %{$replicatable_volumes}) {
383 $local_volumes->{$volid}->{replicated} = 1;
384 }
385
386 my $test_volid = sub {
387 my ($volid, $attr) = @_;
388
389 if ($volid =~ m|^/|) {
390 return if $attr->{shared};
391 $local_volumes->{$volid}->{ref} = 'config';
392 die "local file/device\n";
393 }
394
395 my $snaprefs = $attr->{referenced_in_snapshot};
396
397 if ($attr->{cdrom}) {
398 if ($volid eq 'cdrom') {
399 my $msg = "can't migrate local cdrom drive";
400 if (defined($snaprefs) && !$attr->{referenced_in_config}) {
401 my $snapnames = join(', ', sort keys %$snaprefs);
402 $msg .= " (referenced in snapshot - $snapnames)";
403 }
404 &$log_error("$msg\n");
405 return;
406 }
407 return if $volid eq 'none';
408 }
409
410 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
411
412 # check if storage is available on both nodes
413 my $scfg = PVE::Storage::storage_check_enabled($storecfg, $sid);
414
415 my $targetsid = $sid;
416 # NOTE: local ignores shared mappings, remote maps them
417 if (!$scfg->{shared} || $self->{opts}->{remote}) {
418 $targetsid = PVE::JSONSchema::map_id($self->{opts}->{storagemap}, $sid);
419 }
420
421 $self->target_storage_check_available($storecfg, $targetsid, $volid);
422 return if $scfg->{shared} && !$self->{opts}->{remote};
423
424 $local_volumes->{$volid}->{ref} = $attr->{referenced_in_config} ? 'config' : 'snapshot';
425 $local_volumes->{$volid}->{ref} = 'storage' if $attr->{is_unused};
426 $local_volumes->{$volid}->{ref} = 'generated' if $attr->{is_tpmstate};
427
428 $local_volumes->{$volid}->{is_vmstate} = $attr->{is_vmstate} ? 1 : 0;
429
430 $local_volumes->{$volid}->{drivename} = $attr->{drivename}
431 if $attr->{drivename};
432
433 if ($attr->{cdrom}) {
434 if ($volid =~ /vm-\d+-cloudinit/) {
435 $local_volumes->{$volid}->{ref} = 'generated';
436 return;
437 }
438 die "local cdrom image\n";
439 }
440
441 my ($path, $owner) = PVE::Storage::path($storecfg, $volid);
442
443 die "owned by other VM (owner = VM $owner)\n"
444 if !$owner || ($owner != $vmid);
445
446 return if $attr->{is_vmstate};
447
448 if (defined($snaprefs)) {
449 $local_volumes->{$volid}->{snapshots} = 1;
450
451 # we cannot migrate shapshots on local storage
452 # exceptions: 'zfspool' or 'qcow2' files (on directory storage)
453
454 die "online storage migration not possible if non-replicated snapshot exists\n"
455 if $self->{running} && !$local_volumes->{$volid}->{replicated};
456
457 die "remote migration with snapshots not supported yet\n" if $self->{opts}->{remote};
458
459 if (!($scfg->{type} eq 'zfspool'
460 || ($scfg->{type} eq 'btrfs' && $local_volumes->{$volid}->{format} eq 'raw')
461 || $local_volumes->{$volid}->{format} eq 'qcow2'
462 )) {
463 die "non-migratable snapshot exists\n";
464 }
465 }
466
467 die "referenced by linked clone(s)\n"
468 if PVE::Storage::volume_is_base_and_used($storecfg, $volid);
469 };
470
471 PVE::QemuServer::foreach_volid($conf, sub {
472 my ($volid, $attr) = @_;
473 eval { $test_volid->($volid, $attr); };
474 if (my $err = $@) {
475 &$log_error($err, $volid);
476 }
477 });
478
479 foreach my $vol (sort keys %$local_volumes) {
480 my $type = $replicatable_volumes->{$vol} ? 'local, replicated' : 'local';
481 my $ref = $local_volumes->{$vol}->{ref};
482 if ($ref eq 'storage') {
483 $self->log('info', "found $type disk '$vol' (via storage)\n");
484 } elsif ($ref eq 'config') {
485 &$log_error("can't live migrate attached local disks without with-local-disks option\n", $vol)
486 if $self->{running} && !$self->{opts}->{"with-local-disks"};
487 $self->log('info', "found $type disk '$vol' (in current VM config)\n");
488 } elsif ($ref eq 'snapshot') {
489 $self->log('info', "found $type disk '$vol' (referenced by snapshot(s))\n");
490 } elsif ($ref eq 'generated') {
491 $self->log('info', "found generated disk '$vol' (in current VM config)\n");
492 } else {
493 $self->log('info', "found $type disk '$vol'\n");
494 }
495 }
496
497 foreach my $vol (sort keys %$local_volumes_errors) {
498 $self->log('warn', "can't migrate local disk '$vol': $local_volumes_errors->{$vol}");
499 }
500 foreach my $err (@$other_errors) {
501 $self->log('warn', "$err");
502 }
503
504 if ($abort) {
505 die "can't migrate VM - check log\n";
506 }
507
508 # additional checks for local storage
509 foreach my $volid (keys %$local_volumes) {
510 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
511 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
512
513 my $migratable = $scfg->{type} =~ /^(?:dir|btrfs|zfspool|lvmthin|lvm)$/;
514
515 # TODO: what is this even here for?
516 $migratable = 1 if $self->{opts}->{remote};
517
518 die "can't migrate '$volid' - storage type '$scfg->{type}' not supported\n"
519 if !$migratable;
520
521 # image is a linked clone on local storage, se we can't migrate.
522 if (my $basename = (PVE::Storage::parse_volname($storecfg, $volid))[3]) {
523 die "can't migrate '$volid' as it's a clone of '$basename'";
524 }
525 }
526
527 foreach my $volid (sort keys %$local_volumes) {
528 my $ref = $local_volumes->{$volid}->{ref};
529 if ($self->{running} && $ref eq 'config') {
530 $local_volumes->{$volid}->{migration_mode} = 'online';
531 } elsif ($self->{running} && $ref eq 'generated') {
532 # offline migrate the cloud-init ISO and don't regenerate on VM start
533 #
534 # tpmstate will also be offline migrated first, and in case of
535 # live migration then updated by QEMU/swtpm if necessary
536 $local_volumes->{$volid}->{migration_mode} = 'offline';
537 } else {
538 $local_volumes->{$volid}->{migration_mode} = 'offline';
539 }
540 }
541 };
542 die "Problem found while scanning volumes - $@" if $@;
543 }
544
545 sub handle_replication {
546 my ($self, $vmid) = @_;
547
548 my $conf = $self->{vmconf};
549 my $local_volumes = $self->{local_volumes};
550
551 return if !$self->{replication_jobcfg};
552
553 die "can't migrate VM with replicated volumes to remote cluster/node\n"
554 if $self->{opts}->{remote};
555
556 if ($self->{running}) {
557
558 my $version = PVE::QemuServer::kvm_user_version();
559 if (!min_version($version, 4, 2)) {
560 die "can't live migrate VM with replicated volumes, pve-qemu to old (< 4.2)!\n"
561 }
562
563 my @live_replicatable_volumes = $self->filter_local_volumes('online', 1);
564 foreach my $volid (@live_replicatable_volumes) {
565 my $drive = $local_volumes->{$volid}->{drivename};
566 die "internal error - no drive for '$volid'\n" if !defined($drive);
567
568 my $bitmap = "repl_$drive";
569
570 # start tracking before replication to get full delta + a few duplicates
571 $self->log('info', "$drive: start tracking writes using block-dirty-bitmap '$bitmap'");
572 mon_cmd($vmid, 'block-dirty-bitmap-add', node => "drive-$drive", name => $bitmap);
573
574 # other info comes from target node in phase 2
575 $self->{target_drive}->{$drive}->{bitmap} = $bitmap;
576 }
577 }
578 $self->log('info', "replicating disk images");
579
580 my $start_time = time();
581 my $logfunc = sub { $self->log('info', shift) };
582 my $actual_replicated_volumes = PVE::Replication::run_replication(
583 'PVE::QemuConfig', $self->{replication_jobcfg}, $start_time, $start_time, $logfunc);
584
585 # extra safety check
586 my @replicated_volumes = $self->filter_local_volumes(undef, 1);
587 foreach my $volid (@replicated_volumes) {
588 die "expected volume '$volid' to get replicated, but it wasn't\n"
589 if !$actual_replicated_volumes->{$volid};
590 }
591 }
592
593 sub config_update_local_disksizes {
594 my ($self) = @_;
595
596 my $conf = $self->{vmconf};
597 my $local_volumes = $self->{local_volumes};
598
599 PVE::QemuConfig->foreach_volume($conf, sub {
600 my ($key, $drive) = @_;
601 # skip special disks, will be handled later
602 return if $key eq 'efidisk0';
603 return if $key eq 'tpmstate0';
604
605 my $volid = $drive->{file};
606 return if !defined($local_volumes->{$volid}); # only update sizes for local volumes
607
608 my ($updated, $msg) = PVE::QemuServer::Drive::update_disksize($drive, $local_volumes->{$volid}->{size});
609 if (defined($updated)) {
610 $conf->{$key} = PVE::QemuServer::print_drive($updated);
611 $self->log('info', "drive '$key': $msg");
612 }
613 });
614
615 # we want to set the efidisk size in the config to the size of the
616 # real OVMF_VARS.fd image, else we can create a too big image, which does not work
617 if (defined($conf->{efidisk0})) {
618 PVE::QemuServer::update_efidisk_size($conf);
619 }
620
621 # TPM state might have an irregular filesize, to avoid problems on transfer
622 # we always assume the static size of 4M to allocate on the target
623 if (defined($conf->{tpmstate0})) {
624 PVE::QemuServer::update_tpmstate_size($conf);
625 }
626 }
627
628 sub filter_local_volumes {
629 my ($self, $migration_mode, $replicated) = @_;
630
631 my $volumes = $self->{local_volumes};
632 my @filtered_volids;
633
634 foreach my $volid (sort keys %{$volumes}) {
635 next if defined($migration_mode) && safe_string_ne($volumes->{$volid}->{migration_mode}, $migration_mode);
636 next if defined($replicated) && safe_boolean_ne($volumes->{$volid}->{replicated}, $replicated);
637 push @filtered_volids, $volid;
638 }
639
640 return @filtered_volids;
641 }
642
643 sub sync_offline_local_volumes {
644 my ($self) = @_;
645
646 my $local_volumes = $self->{local_volumes};
647 my @volids = $self->filter_local_volumes('offline', 0);
648
649 my $storecfg = $self->{storecfg};
650 my $opts = $self->{opts};
651
652 $self->log('info', "copying local disk images") if scalar(@volids);
653
654 foreach my $volid (@volids) {
655 my $new_volid;
656
657 my $opts = $self->{opts};
658 if ($opts->{remote}) {
659 my $log = sub {
660 my ($level, $msg) = @_;
661 $self->log($level, $msg);
662 };
663
664 $new_volid = PVE::StorageTunnel::storage_migrate(
665 $self->{tunnel},
666 $storecfg,
667 $volid,
668 $self->{vmid},
669 $opts->{remote}->{vmid},
670 $local_volumes->{$volid},
671 $log,
672 );
673 } else {
674 my $targetsid = $local_volumes->{$volid}->{targetsid};
675
676 my $bwlimit = $local_volumes->{$volid}->{bwlimit};
677 $bwlimit = $bwlimit * 1024 if defined($bwlimit); # storage_migrate uses bps
678
679 my $storage_migrate_opts = {
680 'ratelimit_bps' => $bwlimit,
681 'insecure' => $opts->{migration_type} eq 'insecure',
682 'with_snapshots' => $local_volumes->{$volid}->{snapshots},
683 'allow_rename' => !$local_volumes->{$volid}->{is_vmstate},
684 };
685
686 my $logfunc = sub { $self->log('info', $_[0]); };
687 $new_volid = eval {
688 PVE::Storage::storage_migrate(
689 $storecfg,
690 $volid,
691 $self->{ssh_info},
692 $targetsid,
693 $storage_migrate_opts,
694 $logfunc,
695 );
696 };
697 if (my $err = $@) {
698 die "storage migration for '$volid' to storage '$targetsid' failed - $err\n";
699 }
700 }
701
702 $self->{volume_map}->{$volid} = $new_volid;
703 $self->log('info', "volume '$volid' is '$new_volid' on the target\n");
704
705 eval { PVE::Storage::deactivate_volumes($storecfg, [$volid]); };
706 if (my $err = $@) {
707 $self->log('warn', $err);
708 }
709 }
710 }
711
712 sub cleanup_remotedisks {
713 my ($self) = @_;
714
715 if ($self->{opts}->{remote}) {
716 PVE::Tunnel::finish_tunnel($self->{tunnel}, 1);
717 delete $self->{tunnel};
718 return;
719 }
720
721 my $local_volumes = $self->{local_volumes};
722
723 foreach my $volid (values %{$self->{volume_map}}) {
724 # don't clean up replicated disks!
725 next if $local_volumes->{$volid}->{replicated};
726
727 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
728
729 my $cmd = [@{$self->{rem_ssh}}, 'pvesm', 'free', "$storeid:$volname"];
730
731 eval{ PVE::Tools::run_command($cmd, outfunc => sub {}, errfunc => sub {}) };
732 if (my $err = $@) {
733 $self->log('err', $err);
734 $self->{errors} = 1;
735 }
736 }
737 }
738
739 sub cleanup_bitmaps {
740 my ($self) = @_;
741 foreach my $drive (keys %{$self->{target_drive}}) {
742 my $bitmap = $self->{target_drive}->{$drive}->{bitmap};
743 next if !$bitmap;
744 $self->log('info', "$drive: removing block-dirty-bitmap '$bitmap'");
745 mon_cmd($self->{vmid}, 'block-dirty-bitmap-remove', node => "drive-$drive", name => $bitmap);
746 }
747 }
748
749 sub phase1 {
750 my ($self, $vmid) = @_;
751
752 $self->log('info', "starting migration of VM $vmid to node '$self->{node}' ($self->{nodeip})");
753
754 my $conf = $self->{vmconf};
755
756 # set migrate lock in config file
757 $conf->{lock} = 'migrate';
758 PVE::QemuConfig->write_config($vmid, $conf);
759
760 $self->scan_local_volumes($vmid);
761
762 # fix disk sizes to match their actual size and write changes,
763 # so that the target allocates the correct volumes
764 $self->config_update_local_disksizes();
765 PVE::QemuConfig->write_config($vmid, $conf);
766
767 $self->handle_replication($vmid);
768
769 $self->sync_offline_local_volumes();
770 $self->phase1_remote($vmid) if $self->{opts}->{remote};
771 };
772
773 sub map_bridges {
774 my ($conf, $map, $scan_only) = @_;
775
776 my $bridges = {};
777
778 foreach my $opt (keys %$conf) {
779 next if $opt !~ m/^net\d+$/;
780
781 next if !$conf->{$opt};
782 my $d = PVE::QemuServer::parse_net($conf->{$opt});
783 next if !$d || !$d->{bridge};
784
785 my $target_bridge = PVE::JSONSchema::map_id($map, $d->{bridge});
786 $bridges->{$target_bridge}->{$opt} = $d->{bridge};
787
788 next if $scan_only;
789
790 $d->{bridge} = $target_bridge;
791 $conf->{$opt} = PVE::QemuServer::print_net($d);
792 }
793
794 return $bridges;
795 }
796
797 sub phase1_remote {
798 my ($self, $vmid) = @_;
799
800 my $remote_conf = PVE::QemuConfig->load_config($vmid);
801 PVE::QemuConfig->update_volume_ids($remote_conf, $self->{volume_map});
802
803 my $bridges = map_bridges($remote_conf, $self->{opts}->{bridgemap});
804 for my $target (keys $bridges->%*) {
805 for my $nic (keys $bridges->{$target}->%*) {
806 $self->log('info', "mapped: $nic from $bridges->{$target}->{$nic} to $target");
807 }
808 }
809
810 my @online_local_volumes = $self->filter_local_volumes('online');
811
812 my $storage_map = $self->{opts}->{storagemap};
813 $self->{nbd} = {};
814 PVE::QemuConfig->foreach_volume($remote_conf, sub {
815 my ($ds, $drive) = @_;
816
817 # TODO eject CDROM?
818 return if PVE::QemuServer::drive_is_cdrom($drive);
819
820 my $volid = $drive->{file};
821 return if !$volid;
822
823 return if !grep { $_ eq $volid} @online_local_volumes;
824
825 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
826 my $scfg = PVE::Storage::storage_config($self->{storecfg}, $storeid);
827 my $source_format = PVE::QemuServer::qemu_img_format($scfg, $volname);
828
829 # set by target cluster
830 my $oldvolid = delete $drive->{file};
831 delete $drive->{format};
832
833 my $targetsid = PVE::JSONSchema::map_id($storage_map, $storeid);
834
835 my $params = {
836 format => $source_format,
837 storage => $targetsid,
838 drive => $drive,
839 };
840
841 $self->log('info', "Allocating volume for drive '$ds' on remote storage '$targetsid'..");
842 my $res = PVE::Tunnel::write_tunnel($self->{tunnel}, 600, 'disk', $params);
843
844 $self->log('info', "volume '$oldvolid' is '$res->{volid}' on the target\n");
845 $remote_conf->{$ds} = $res->{drivestr};
846 $self->{nbd}->{$ds} = $res;
847 });
848
849 my $conf_str = PVE::QemuServer::write_vm_config("remote", $remote_conf);
850
851 # TODO expose in PVE::Firewall?
852 my $vm_fw_conf_path = "/etc/pve/firewall/$vmid.fw";
853 my $fw_conf_str;
854 $fw_conf_str = PVE::Tools::file_get_contents($vm_fw_conf_path)
855 if -e $vm_fw_conf_path;
856 my $params = {
857 conf => $conf_str,
858 'firewall-config' => $fw_conf_str,
859 };
860
861 PVE::Tunnel::write_tunnel($self->{tunnel}, 10, 'config', $params);
862 }
863
864 sub phase1_cleanup {
865 my ($self, $vmid, $err) = @_;
866
867 $self->log('info', "aborting phase 1 - cleanup resources");
868
869 my $conf = $self->{vmconf};
870 delete $conf->{lock};
871 eval { PVE::QemuConfig->write_config($vmid, $conf) };
872 if (my $err = $@) {
873 $self->log('err', $err);
874 }
875
876 eval { $self->cleanup_remotedisks() };
877 if (my $err = $@) {
878 $self->log('err', $err);
879 }
880
881 eval { $self->cleanup_bitmaps() };
882 if (my $err =$@) {
883 $self->log('err', $err);
884 }
885 }
886
887 sub phase2_start_local_cluster {
888 my ($self, $vmid, $params) = @_;
889
890 my $conf = $self->{vmconf};
891 my $local_volumes = $self->{local_volumes};
892 my @online_local_volumes = $self->filter_local_volumes('online');
893
894 my $start = $params->{start_params};
895 my $migrate = $params->{migrate_opts};
896
897 $self->log('info', "starting VM $vmid on remote node '$self->{node}'");
898
899 my $tunnel_info = {};
900
901 ## start on remote node
902 my $cmd = [@{$self->{rem_ssh}}];
903
904 push @$cmd, 'qm', 'start', $vmid;
905
906 if ($start->{skiplock}) {
907 push @$cmd, '--skiplock';
908 }
909
910 push @$cmd, '--migratedfrom', $migrate->{migratedfrom};
911
912 push @$cmd, '--migration_type', $migrate->{type};
913
914 push @$cmd, '--migration_network', $migrate->{network}
915 if $migrate->{network};
916
917 push @$cmd, '--stateuri', $start->{statefile};
918
919 if ($start->{forcemachine}) {
920 push @$cmd, '--machine', $start->{forcemachine};
921 }
922
923 if ($start->{forcecpu}) {
924 push @$cmd, '--force-cpu', $start->{forcecpu};
925 }
926
927 if ($self->{storage_migration}) {
928 push @$cmd, '--targetstorage', ($self->{opts}->{targetstorage} // '1');
929 }
930
931 my $spice_port;
932 my $input = "nbd_protocol_version: $migrate->{nbd_proto_version}\n";
933
934 my @offline_local_volumes = $self->filter_local_volumes('offline');
935 for my $volid (@offline_local_volumes) {
936 my $drivename = $local_volumes->{$volid}->{drivename};
937 next if !$drivename || !$conf->{$drivename};
938
939 my $new_volid = $self->{volume_map}->{$volid};
940 next if !$new_volid || $volid eq $new_volid;
941
942 # FIXME PVE 8.x only use offline_volume variant once all targets can handle it
943 if ($drivename eq 'tpmstate0') {
944 $input .= "$drivename: $new_volid\n"
945 } else {
946 $input .= "offline_volume: $drivename: $new_volid\n"
947 }
948 }
949
950 $input .= "spice_ticket: $migrate->{spice_ticket}\n" if $migrate->{spice_ticket};
951
952 my @online_replicated_volumes = $self->filter_local_volumes('online', 1);
953 foreach my $volid (@online_replicated_volumes) {
954 $input .= "replicated_volume: $volid\n";
955 }
956
957 my $handle_storage_migration_listens = sub {
958 my ($drive_key, $drivestr, $nbd_uri) = @_;
959
960 $self->{stopnbd} = 1;
961 $self->{target_drive}->{$drive_key}->{drivestr} = $drivestr;
962 $self->{target_drive}->{$drive_key}->{nbd_uri} = $nbd_uri;
963
964 my $source_drive = PVE::QemuServer::parse_drive($drive_key, $conf->{$drive_key});
965 my $target_drive = PVE::QemuServer::parse_drive($drive_key, $drivestr);
966 my $source_volid = $source_drive->{file};
967 my $target_volid = $target_drive->{file};
968
969 $self->{volume_map}->{$source_volid} = $target_volid;
970 $self->log('info', "volume '$source_volid' is '$target_volid' on the target\n");
971 };
972
973 my $target_replicated_volumes = {};
974
975 # Note: We try to keep $spice_ticket secret (do not pass via command line parameter)
976 # instead we pipe it through STDIN
977 my $exitcode = PVE::Tools::run_command($cmd, input => $input, outfunc => sub {
978 my $line = shift;
979
980 if ($line =~ m/^migration listens on (tcp):(localhost|[\d\.]+|\[[\d\.:a-fA-F]+\]):(\d+)$/) {
981 $tunnel_info->{addr} = $2;
982 $tunnel_info->{port} = int($3);
983 $tunnel_info->{proto} = $1;
984 }
985 elsif ($line =~ m!^migration listens on (unix):(/run/qemu-server/(\d+)\.migrate)$!) {
986 $tunnel_info->{addr} = $2;
987 die "Destination UNIX sockets VMID does not match source VMID" if $vmid ne $3;
988 $tunnel_info->{proto} = $1;
989 }
990 elsif ($line =~ m/^migration listens on port (\d+)$/) {
991 $tunnel_info->{addr} = "localhost";
992 $tunnel_info->{port} = int($1);
993 $tunnel_info->{proto} = "tcp";
994 }
995 elsif ($line =~ m/^spice listens on port (\d+)$/) {
996 $spice_port = int($1);
997 }
998 elsif ($line =~ m/^storage migration listens on nbd:(localhost|[\d\.]+|\[[\d\.:a-fA-F]+\]):(\d+):exportname=(\S+) volume:(\S+)$/) {
999 my $drivestr = $4;
1000 my $nbd_uri = "nbd:$1:$2:exportname=$3";
1001 my $targetdrive = $3;
1002 $targetdrive =~ s/drive-//g;
1003
1004 $handle_storage_migration_listens->($targetdrive, $drivestr, $nbd_uri);
1005 } elsif ($line =~ m!^storage migration listens on nbd:unix:(/run/qemu-server/(\d+)_nbd\.migrate):exportname=(\S+) volume:(\S+)$!) {
1006 my $drivestr = $4;
1007 die "Destination UNIX socket's VMID does not match source VMID" if $vmid ne $2;
1008 my $nbd_unix_addr = $1;
1009 my $nbd_uri = "nbd:unix:$nbd_unix_addr:exportname=$3";
1010 my $targetdrive = $3;
1011 $targetdrive =~ s/drive-//g;
1012
1013 $handle_storage_migration_listens->($targetdrive, $drivestr, $nbd_uri);
1014 $tunnel_info->{unix_sockets}->{$nbd_unix_addr} = 1;
1015 } elsif ($line =~ m/^re-using replicated volume: (\S+) - (.*)$/) {
1016 my $drive = $1;
1017 my $volid = $2;
1018 $target_replicated_volumes->{$volid} = $drive;
1019 } elsif ($line =~ m/^QEMU: (.*)$/) {
1020 $self->log('info', "[$self->{node}] $1\n");
1021 }
1022 }, errfunc => sub {
1023 my $line = shift;
1024 $self->log('info', "[$self->{node}] $line");
1025 }, noerr => 1);
1026
1027 die "remote command failed with exit code $exitcode\n" if $exitcode;
1028
1029 die "unable to detect remote migration address\n" if !$tunnel_info->{addr} || !$tunnel_info->{proto};
1030
1031 if (scalar(keys %$target_replicated_volumes) != scalar(@online_replicated_volumes)) {
1032 die "number of replicated disks on source and target node do not match - target node too old?\n"
1033 }
1034
1035 return ($tunnel_info, $spice_port);
1036 }
1037
1038 sub phase2_start_remote_cluster {
1039 my ($self, $vmid, $params) = @_;
1040
1041 die "insecure migration to remote cluster not implemented\n"
1042 if $params->{migrate_opts}->{type} ne 'websocket';
1043
1044 my $remote_vmid = $self->{opts}->{remote}->{vmid};
1045
1046 # like regular start but with some overhead accounted for
1047 my $timeout = PVE::QemuServer::Helpers::config_aware_timeout($self->{vmconf}) + 10;
1048
1049 my $res = PVE::Tunnel::write_tunnel($self->{tunnel}, $timeout, "start", $params);
1050
1051 foreach my $drive (keys %{$res->{drives}}) {
1052 $self->{stopnbd} = 1;
1053 $self->{target_drive}->{$drive}->{drivestr} = $res->{drives}->{$drive}->{drivestr};
1054 my $nbd_uri = $res->{drives}->{$drive}->{nbd_uri};
1055 die "unexpected NBD uri for '$drive': $nbd_uri\n"
1056 if $nbd_uri !~ s!/run/qemu-server/$remote_vmid\_!/run/qemu-server/$vmid\_!;
1057
1058 $self->{target_drive}->{$drive}->{nbd_uri} = $nbd_uri;
1059 }
1060
1061 return ($res->{migrate}, $res->{spice_port});
1062 }
1063
1064 sub phase2 {
1065 my ($self, $vmid) = @_;
1066
1067 my $conf = $self->{vmconf};
1068 my $local_volumes = $self->{local_volumes};
1069
1070 # version > 0 for unix socket support
1071 my $nbd_protocol_version = 1;
1072
1073 my $spice_ticket;
1074 if (PVE::QemuServer::vga_conf_has_spice($conf->{vga})) {
1075 my $res = mon_cmd($vmid, 'query-spice');
1076 $spice_ticket = $res->{ticket};
1077 }
1078
1079 my $migration_type = $self->{opts}->{migration_type};
1080 my $state_uri = $migration_type eq 'insecure' ? 'tcp' : 'unix';
1081
1082 my $params = {
1083 start_params => {
1084 statefile => $state_uri,
1085 forcemachine => $self->{forcemachine},
1086 forcecpu => $self->{forcecpu},
1087 skiplock => 1,
1088 },
1089 migrate_opts => {
1090 spice_ticket => $spice_ticket,
1091 type => $migration_type,
1092 network => $self->{opts}->{migration_network},
1093 storagemap => $self->{opts}->{storagemap},
1094 migratedfrom => PVE::INotify::nodename(),
1095 nbd_proto_version => $nbd_protocol_version,
1096 nbd => $self->{nbd},
1097 },
1098 };
1099
1100 my ($tunnel_info, $spice_port);
1101
1102 my @online_local_volumes = $self->filter_local_volumes('online');
1103 $self->{storage_migration} = 1 if scalar(@online_local_volumes);
1104
1105 if (my $remote = $self->{opts}->{remote}) {
1106 my $remote_vmid = $remote->{vmid};
1107 $params->{migrate_opts}->{remote_node} = $self->{node};
1108 ($tunnel_info, $spice_port) = $self->phase2_start_remote_cluster($vmid, $params);
1109 die "only UNIX sockets are supported for remote migration\n"
1110 if $tunnel_info->{proto} ne 'unix';
1111
1112 my $remote_socket = $tunnel_info->{addr};
1113 my $local_socket = $remote_socket;
1114 $local_socket =~ s/$remote_vmid/$vmid/g;
1115 $tunnel_info->{addr} = $local_socket;
1116
1117 $self->log('info', "Setting up tunnel for '$local_socket'");
1118 PVE::Tunnel::forward_unix_socket($self->{tunnel}, $local_socket, $remote_socket);
1119
1120 foreach my $remote_socket (@{$tunnel_info->{unix_sockets}}) {
1121 my $local_socket = $remote_socket;
1122 $local_socket =~ s/$remote_vmid/$vmid/g;
1123 next if $self->{tunnel}->{forwarded}->{$local_socket};
1124 $self->log('info', "Setting up tunnel for '$local_socket'");
1125 PVE::Tunnel::forward_unix_socket($self->{tunnel}, $local_socket, $remote_socket);
1126 }
1127 } else {
1128 ($tunnel_info, $spice_port) = $self->phase2_start_local_cluster($vmid, $params);
1129
1130 $self->log('info', "start remote tunnel");
1131 $self->start_remote_tunnel($tunnel_info);
1132 }
1133
1134 my $migrate_uri = "$tunnel_info->{proto}:$tunnel_info->{addr}";
1135 $migrate_uri .= ":$tunnel_info->{port}"
1136 if defined($tunnel_info->{port});
1137
1138 if ($self->{storage_migration}) {
1139 $self->{storage_migration_jobs} = {};
1140 $self->log('info', "starting storage migration");
1141
1142 die "The number of local disks does not match between the source and the destination.\n"
1143 if (scalar(keys %{$self->{target_drive}}) != scalar(@online_local_volumes));
1144 foreach my $drive (keys %{$self->{target_drive}}){
1145 my $target = $self->{target_drive}->{$drive};
1146 my $nbd_uri = $target->{nbd_uri};
1147
1148 my $source_drive = PVE::QemuServer::parse_drive($drive, $conf->{$drive});
1149 my $source_volid = $source_drive->{file};
1150
1151 my $bwlimit = $self->{local_volumes}->{$source_volid}->{bwlimit};
1152 my $bitmap = $target->{bitmap};
1153
1154 $self->log('info', "$drive: start migration to $nbd_uri");
1155 PVE::QemuServer::qemu_drive_mirror($vmid, $drive, $nbd_uri, $vmid, undef, $self->{storage_migration_jobs}, 'skip', undef, $bwlimit, $bitmap);
1156 }
1157 }
1158
1159 $self->log('info', "starting online/live migration on $migrate_uri");
1160 $self->{livemigration} = 1;
1161
1162 # load_defaults
1163 my $defaults = PVE::QemuServer::load_defaults();
1164
1165 $self->log('info', "set migration capabilities");
1166 eval { PVE::QemuServer::set_migration_caps($vmid) };
1167 warn $@ if $@;
1168
1169 my $qemu_migrate_params = {};
1170
1171 # migrate speed can be set via bwlimit (datacenter.cfg and API) and via the
1172 # migrate_speed parameter in qm.conf - take the lower of the two.
1173 my $bwlimit = $self->get_bwlimit();
1174
1175 my $migrate_speed = $conf->{migrate_speed} // 0;
1176 $migrate_speed *= 1024; # migrate_speed is in MB/s, bwlimit in KB/s
1177
1178 if ($bwlimit && $migrate_speed) {
1179 $migrate_speed = ($bwlimit < $migrate_speed) ? $bwlimit : $migrate_speed;
1180 } else {
1181 $migrate_speed ||= $bwlimit;
1182 }
1183 $migrate_speed ||= ($defaults->{migrate_speed} || 0) * 1024;
1184
1185 if ($migrate_speed) {
1186 $migrate_speed *= 1024; # qmp takes migrate_speed in B/s.
1187 $self->log('info', "migration speed limit: ". render_bytes($migrate_speed, 1) ."/s");
1188 } else {
1189 # always set migrate speed as QEMU default to 128 MiBps == 1 Gbps, use 16 GiBps == 128 Gbps
1190 $migrate_speed = (16 << 30);
1191 }
1192 $qemu_migrate_params->{'max-bandwidth'} = int($migrate_speed);
1193
1194 my $migrate_downtime = $defaults->{migrate_downtime};
1195 $migrate_downtime = $conf->{migrate_downtime} if defined($conf->{migrate_downtime});
1196 # migrate-set-parameters expects limit in ms
1197 $migrate_downtime *= 1000;
1198 $self->log('info', "migration downtime limit: $migrate_downtime ms");
1199 $qemu_migrate_params->{'downtime-limit'} = int($migrate_downtime);
1200
1201 # set cachesize to 10% of the total memory
1202 my $memory = $conf->{memory} || $defaults->{memory};
1203 my $cachesize = int($memory * 1048576 / 10);
1204 $cachesize = round_powerof2($cachesize);
1205
1206 $self->log('info', "migration cachesize: " . render_bytes($cachesize, 1));
1207 $qemu_migrate_params->{'xbzrle-cache-size'} = int($cachesize);
1208
1209 $self->log('info', "set migration parameters");
1210 eval {
1211 mon_cmd($vmid, "migrate-set-parameters", %{$qemu_migrate_params});
1212 };
1213 $self->log('info', "migrate-set-parameters error: $@") if $@;
1214
1215 if (PVE::QemuServer::vga_conf_has_spice($conf->{vga}) && !$self->{opts}->{remote}) {
1216 my $rpcenv = PVE::RPCEnvironment::get();
1217 my $authuser = $rpcenv->get_user();
1218
1219 my (undef, $proxyticket) = PVE::AccessControl::assemble_spice_ticket($authuser, $vmid, $self->{node});
1220
1221 my $filename = "/etc/pve/nodes/$self->{node}/pve-ssl.pem";
1222 my $subject = PVE::AccessControl::read_x509_subject_spice($filename);
1223
1224 $self->log('info', "spice client_migrate_info");
1225
1226 eval {
1227 mon_cmd($vmid, "client_migrate_info", protocol => 'spice',
1228 hostname => $proxyticket, 'port' => 0, 'tls-port' => $spice_port,
1229 'cert-subject' => $subject);
1230 };
1231 $self->log('info', "client_migrate_info error: $@") if $@;
1232
1233 }
1234
1235 my $start = time();
1236
1237 $self->log('info', "start migrate command to $migrate_uri");
1238 eval {
1239 mon_cmd($vmid, "migrate", uri => $migrate_uri);
1240 };
1241 my $merr = $@;
1242 $self->log('info', "migrate uri => $migrate_uri failed: $merr") if $merr;
1243
1244 my $last_mem_transferred = 0;
1245 my $usleep = 1000000;
1246 my $i = 0;
1247 my $err_count = 0;
1248 my $lastrem = undef;
1249 my $downtimecounter = 0;
1250 while (1) {
1251 $i++;
1252 my $avglstat = $last_mem_transferred ? $last_mem_transferred / $i : 0;
1253
1254 usleep($usleep);
1255
1256 my $stat = eval { mon_cmd($vmid, "query-migrate") };
1257 if (my $err = $@) {
1258 $err_count++;
1259 warn "query migrate failed: $err\n";
1260 $self->log('info', "query migrate failed: $err");
1261 if ($err_count <= 5) {
1262 usleep(1_000_000);
1263 next;
1264 }
1265 die "too many query migrate failures - aborting\n";
1266 }
1267
1268 my $status = $stat->{status};
1269 if (defined($status) && $status =~ m/^(setup)$/im) {
1270 sleep(1);
1271 next;
1272 }
1273
1274 if (!defined($status) || $status !~ m/^(active|completed|failed|cancelled)$/im) {
1275 die $merr if $merr;
1276 die "unable to parse migration status '$status' - aborting\n";
1277 }
1278 $merr = undef;
1279 $err_count = 0;
1280
1281 my $memstat = $stat->{ram};
1282
1283 if ($status eq 'completed') {
1284 my $delay = time() - $start;
1285 if ($delay > 0) {
1286 my $total = $memstat->{total} || 0;
1287 my $avg_speed = render_bytes($total / $delay, 1);
1288 my $downtime = $stat->{downtime} || 0;
1289 $self->log('info', "average migration speed: $avg_speed/s - downtime $downtime ms");
1290 }
1291 }
1292
1293 if ($status eq 'failed' || $status eq 'cancelled') {
1294 my $message = $stat->{'error-desc'} ? "$status - $stat->{'error-desc'}" : $status;
1295 $self->log('info', "migration status error: $message");
1296 die "aborting\n"
1297 }
1298
1299 if ($status ne 'active') {
1300 $self->log('info', "migration status: $status");
1301 last;
1302 }
1303
1304 if ($memstat->{transferred} ne $last_mem_transferred) {
1305 my $trans = $memstat->{transferred} || 0;
1306 my $rem = $memstat->{remaining} || 0;
1307 my $total = $memstat->{total} || 0;
1308 my $speed = ($memstat->{'pages-per-second'} // 0) * ($memstat->{'page-size'} // 0);
1309 my $dirty_rate = ($memstat->{'dirty-pages-rate'} // 0) * ($memstat->{'page-size'} // 0);
1310
1311 # reduce sleep if remainig memory is lower than the average transfer speed
1312 $usleep = 100_000 if $avglstat && $rem < $avglstat;
1313
1314 # also reduce loggin if we poll more frequent
1315 my $should_log = $usleep > 100_000 ? 1 : ($i % 10) == 0;
1316
1317 my $total_h = render_bytes($total, 1);
1318 my $transferred_h = render_bytes($trans, 1);
1319 my $speed_h = render_bytes($speed, 1);
1320
1321 my $progress = "transferred $transferred_h of $total_h VM-state, ${speed_h}/s";
1322
1323 if ($dirty_rate > $speed) {
1324 my $dirty_rate_h = render_bytes($dirty_rate, 1);
1325 $progress .= ", VM dirties lots of memory: $dirty_rate_h/s";
1326 }
1327
1328 $self->log('info', "migration $status, $progress") if $should_log;
1329
1330 my $xbzrle = $stat->{"xbzrle-cache"} || {};
1331 my ($xbzrlebytes, $xbzrlepages) = $xbzrle->@{'bytes', 'pages'};
1332 if ($xbzrlebytes || $xbzrlepages) {
1333 my $bytes_h = render_bytes($xbzrlebytes, 1);
1334
1335 my $msg = "send updates to $xbzrlepages pages in $bytes_h encoded memory";
1336
1337 $msg .= sprintf(", cache-miss %.2f%%", $xbzrle->{'cache-miss-rate'} * 100)
1338 if $xbzrle->{'cache-miss-rate'};
1339
1340 $msg .= ", overflow $xbzrle->{overflow}" if $xbzrle->{overflow};
1341
1342 $self->log('info', "xbzrle: $msg") if $should_log;
1343 }
1344
1345 if (($lastrem && $rem > $lastrem) || ($rem == 0)) {
1346 $downtimecounter++;
1347 }
1348 $lastrem = $rem;
1349
1350 if ($downtimecounter > 5) {
1351 $downtimecounter = 0;
1352 $migrate_downtime *= 2;
1353 $self->log('info', "auto-increased downtime to continue migration: $migrate_downtime ms");
1354 eval {
1355 # migrate-set-parameters does not touch values not
1356 # specified, so this only changes downtime-limit
1357 mon_cmd($vmid, "migrate-set-parameters", 'downtime-limit' => int($migrate_downtime));
1358 };
1359 $self->log('info', "migrate-set-parameters error: $@") if $@;
1360 }
1361 }
1362
1363 $last_mem_transferred = $memstat->{transferred};
1364 }
1365
1366 if ($self->{storage_migration}) {
1367 # finish block-job with block-job-cancel, to disconnect source VM from NBD
1368 # to avoid it trying to re-establish it. We are in blockjob ready state,
1369 # thus, this command changes to it to blockjob complete (see qapi docs)
1370 eval { PVE::QemuServer::qemu_drive_mirror_monitor($vmid, undef, $self->{storage_migration_jobs}, 'cancel'); };
1371 if (my $err = $@) {
1372 die "Failed to complete storage migration: $err\n";
1373 }
1374 }
1375 }
1376
1377 sub phase2_cleanup {
1378 my ($self, $vmid, $err) = @_;
1379
1380 return if !$self->{errors};
1381 $self->{phase2errors} = 1;
1382
1383 $self->log('info', "aborting phase 2 - cleanup resources");
1384
1385 $self->log('info', "migrate_cancel");
1386 eval {
1387 mon_cmd($vmid, "migrate_cancel");
1388 };
1389 $self->log('info', "migrate_cancel error: $@") if $@;
1390
1391 my $vm_status = eval {
1392 mon_cmd($vmid, 'query-status')->{status} or die "no 'status' in result\n";
1393 };
1394 $self->log('err', "query-status error: $@") if $@;
1395
1396 # Can end up in POSTMIGRATE state if failure occurred after convergence. Try going back to
1397 # original state. Unfortunately, direct transition from POSTMIGRATE to PAUSED is not possible.
1398 if ($vm_status && $vm_status eq 'postmigrate') {
1399 if (!$self->{vm_was_paused}) {
1400 eval { mon_cmd($vmid, 'cont'); };
1401 $self->log('err', "resuming VM failed: $@") if $@;
1402 } else {
1403 $self->log('err', "VM was paused, but ended in postmigrate state");
1404 }
1405 }
1406
1407 my $conf = $self->{vmconf};
1408 delete $conf->{lock};
1409 eval { PVE::QemuConfig->write_config($vmid, $conf) };
1410 if (my $err = $@) {
1411 $self->log('err', $err);
1412 }
1413
1414 # cleanup ressources on target host
1415 if ($self->{storage_migration}) {
1416 eval { PVE::QemuServer::qemu_blockjobs_cancel($vmid, $self->{storage_migration_jobs}) };
1417 if (my $err = $@) {
1418 $self->log('err', $err);
1419 }
1420 }
1421
1422 eval { $self->cleanup_bitmaps() };
1423 if (my $err =$@) {
1424 $self->log('err', $err);
1425 }
1426
1427 my $nodename = PVE::INotify::nodename();
1428
1429 if ($self->{tunnel} && $self->{tunnel}->{version} >= 2) {
1430 PVE::Tunnel::write_tunnel($self->{tunnel}, 10, 'stop');
1431 } else {
1432 my $cmd = [@{$self->{rem_ssh}}, 'qm', 'stop', $vmid, '--skiplock', '--migratedfrom', $nodename];
1433 eval{ PVE::Tools::run_command($cmd, outfunc => sub {}, errfunc => sub {}) };
1434 if (my $err = $@) {
1435 $self->log('err', $err);
1436 $self->{errors} = 1;
1437 }
1438 }
1439
1440 # cleanup after stopping, otherwise disks might be in-use by target VM!
1441 eval { PVE::QemuMigrate::cleanup_remotedisks($self) };
1442 if (my $err = $@) {
1443 $self->log('err', $err);
1444 }
1445
1446
1447 if ($self->{tunnel}) {
1448 eval { PVE::Tunnel::finish_tunnel($self->{tunnel}); };
1449 if (my $err = $@) {
1450 $self->log('err', $err);
1451 $self->{errors} = 1;
1452 }
1453 }
1454 }
1455
1456 sub phase3 {
1457 my ($self, $vmid) = @_;
1458
1459 return;
1460 }
1461
1462 sub phase3_cleanup {
1463 my ($self, $vmid, $err) = @_;
1464
1465 my $conf = $self->{vmconf};
1466 return if $self->{phase2errors};
1467
1468 my $tunnel = $self->{tunnel};
1469
1470 if ($self->{volume_map} && !$self->{opts}->{remote}) {
1471 my $target_drives = $self->{target_drive};
1472
1473 # FIXME: for NBD storage migration we now only update the volid, and
1474 # not the full drivestr from the target node. Workaround that until we
1475 # got some real rescan, to avoid things like wrong format in the drive
1476 delete $conf->{$_} for keys %$target_drives;
1477 PVE::QemuConfig->update_volume_ids($conf, $self->{volume_map});
1478
1479 for my $drive (keys %$target_drives) {
1480 $conf->{$drive} = $target_drives->{$drive}->{drivestr};
1481 }
1482 PVE::QemuConfig->write_config($vmid, $conf);
1483 }
1484
1485 # transfer replication state before move config
1486 if (!$self->{opts}->{remote}) {
1487 $self->transfer_replication_state() if $self->{is_replicated};
1488 PVE::QemuConfig->move_config_to_node($vmid, $self->{node});
1489 $self->switch_replication_job_target() if $self->{is_replicated};
1490 }
1491
1492 if ($self->{livemigration}) {
1493 if ($self->{stopnbd}) {
1494 $self->log('info', "stopping NBD storage migration server on target.");
1495 # stop nbd server on remote vm - requirement for resume since 2.9
1496 if ($tunnel && $tunnel->{version} && $tunnel->{version} >= 2) {
1497 PVE::Tunnel::write_tunnel($tunnel, 30, 'nbdstop');
1498 } else {
1499 my $cmd = [@{$self->{rem_ssh}}, 'qm', 'nbdstop', $vmid];
1500
1501 eval{ PVE::Tools::run_command($cmd, outfunc => sub {}, errfunc => sub {}) };
1502 if (my $err = $@) {
1503 $self->log('err', $err);
1504 $self->{errors} = 1;
1505 }
1506 }
1507 }
1508
1509 # deletes local FDB entries if learning is disabled, they'll be re-added on target on resume
1510 PVE::QemuServer::del_nets_bridge_fdb($conf, $vmid);
1511
1512 if (!$self->{vm_was_paused}) {
1513 # config moved and nbd server stopped - now we can resume vm on target
1514 if ($tunnel && $tunnel->{version} && $tunnel->{version} >= 1) {
1515 my $cmd = $tunnel->{version} == 1 ? "resume $vmid" : "resume";
1516 eval {
1517 PVE::Tunnel::write_tunnel($tunnel, 30, $cmd);
1518 };
1519 if (my $err = $@) {
1520 $self->log('err', $err);
1521 $self->{errors} = 1;
1522 }
1523 } else {
1524 # nocheck in case target node hasn't processed the config move/rename yet
1525 my $cmd = [@{$self->{rem_ssh}}, 'qm', 'resume', $vmid, '--skiplock', '--nocheck'];
1526 my $logf = sub {
1527 my $line = shift;
1528 $self->log('err', $line);
1529 };
1530 eval { PVE::Tools::run_command($cmd, outfunc => sub {}, errfunc => $logf); };
1531 if (my $err = $@) {
1532 $self->log('err', $err);
1533 $self->{errors} = 1;
1534 }
1535 }
1536 }
1537
1538 if (
1539 $self->{storage_migration}
1540 && PVE::QemuServer::parse_guest_agent($conf)->{fstrim_cloned_disks}
1541 && $self->{running}
1542 ) {
1543 if (!$self->{vm_was_paused}) {
1544 $self->log('info', "issuing guest fstrim");
1545 if ($self->{opts}->{remote}) {
1546 PVE::Tunnel::write_tunnel($self->{tunnel}, 600, 'fstrim');
1547 } else {
1548 my $cmd = [@{$self->{rem_ssh}}, 'qm', 'guest', 'cmd', $vmid, 'fstrim'];
1549 eval{ PVE::Tools::run_command($cmd, outfunc => sub {}, errfunc => sub {}) };
1550 if (my $err = $@) {
1551 $self->log('err', "fstrim failed - $err");
1552 $self->{errors} = 1;
1553 }
1554 }
1555 } else {
1556 $self->log('info', "skipping guest fstrim, because VM is paused");
1557 }
1558 }
1559 }
1560
1561 # close tunnel on successful migration, on error phase2_cleanup closed it
1562 if ($tunnel && $tunnel->{version} == 1) {
1563 eval { PVE::Tunnel::finish_tunnel($tunnel); };
1564 if (my $err = $@) {
1565 $self->log('err', $err);
1566 $self->{errors} = 1;
1567 }
1568 $tunnel = undef;
1569 delete $self->{tunnel};
1570 }
1571
1572 eval {
1573 my $timer = 0;
1574 if (PVE::QemuServer::vga_conf_has_spice($conf->{vga}) && $self->{running}) {
1575 $self->log('info', "Waiting for spice server migration");
1576 while (1) {
1577 my $res = mon_cmd($vmid, 'query-spice');
1578 last if int($res->{'migrated'}) == 1;
1579 last if $timer > 50;
1580 $timer ++;
1581 usleep(200000);
1582 }
1583 }
1584 };
1585
1586 # always stop local VM with nocheck, since config is moved already
1587 eval { PVE::QemuServer::vm_stop($self->{storecfg}, $vmid, 1, 1); };
1588 if (my $err = $@) {
1589 $self->log('err', "stopping vm failed - $err");
1590 $self->{errors} = 1;
1591 }
1592
1593 # always deactivate volumes - avoid lvm LVs to be active on several nodes
1594 eval {
1595 my $vollist = PVE::QemuServer::get_vm_volumes($conf);
1596 PVE::Storage::deactivate_volumes($self->{storecfg}, $vollist);
1597 };
1598 if (my $err = $@) {
1599 $self->log('err', $err);
1600 $self->{errors} = 1;
1601 }
1602
1603 my @not_replicated_volumes = $self->filter_local_volumes(undef, 0);
1604
1605 # destroy local copies
1606 foreach my $volid (@not_replicated_volumes) {
1607 # remote is cleaned up below
1608 next if $self->{opts}->{remote};
1609
1610 eval { PVE::Storage::vdisk_free($self->{storecfg}, $volid); };
1611 if (my $err = $@) {
1612 $self->log('err', "removing local copy of '$volid' failed - $err");
1613 $self->{errors} = 1;
1614 last if $err =~ /^interrupted by signal$/;
1615 }
1616 }
1617
1618 # clear migrate lock
1619 if ($tunnel && $tunnel->{version} >= 2) {
1620 PVE::Tunnel::write_tunnel($tunnel, 10, "unlock");
1621
1622 PVE::Tunnel::finish_tunnel($tunnel);
1623 } else {
1624 my $cmd = [ @{$self->{rem_ssh}}, 'qm', 'unlock', $vmid ];
1625 $self->cmd_logerr($cmd, errmsg => "failed to clear migrate lock");
1626 }
1627
1628 if ($self->{opts}->{remote} && $self->{opts}->{delete}) {
1629 eval { PVE::QemuServer::destroy_vm($self->{storecfg}, $vmid, 1, undef, 0) };
1630 warn "Failed to remove source VM - $@\n" if $@;
1631 }
1632 }
1633
1634 sub final_cleanup {
1635 my ($self, $vmid) = @_;
1636
1637 # nothing to do
1638 }
1639
1640 sub round_powerof2 {
1641 return 1 if $_[0] < 2;
1642 return 2 << int(log($_[0]-1)/log(2));
1643 }
1644
1645 1;
Virtual Machine Manager