]> git.proxmox.com Git - qemu-server.git/blob - PVE/QemuMigrate.pm
projects / qemu-server.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
qemu-server: add support for unsecure migration (setting in datacenter.cfg)
[qemu-server.git] / PVE / QemuMigrate.pm
1 package PVE::QemuMigrate;
2
3 use strict;
4 use warnings;
5 use PVE::AbstractMigrate;
6 use IO::File;
7 use IPC::Open2;
8 use PVE::INotify;
9 use PVE::Tools;
10 use PVE::Cluster;
11 use PVE::Storage;
12 use PVE::QemuServer;
13 use Time::HiRes qw( usleep );
14 use PVE::RPCEnvironment;
15
16 use base qw(PVE::AbstractMigrate);
17
18 sub fork_command_pipe {
19 my ($self, $cmd) = @_;
20
21 my $reader = IO::File->new();
22 my $writer = IO::File->new();
23
24 my $orig_pid = $$;
25
26 my $cpid;
27
28 eval { $cpid = open2($reader, $writer, @$cmd); };
29
30 my $err = $@;
31
32 # catch exec errors
33 if ($orig_pid != $$) {
34 $self->log('err', "can't fork command pipe\n");
35 POSIX::_exit(1);
36 kill('KILL', $$);
37 }
38
39 die $err if $err;
40
41 return { writer => $writer, reader => $reader, pid => $cpid };
42 }
43
44 sub finish_command_pipe {
45 my ($self, $cmdpipe, $timeout) = @_;
46
47 my $writer = $cmdpipe->{writer};
48 my $reader = $cmdpipe->{reader};
49
50 $writer->close();
51 $reader->close();
52
53 my $cpid = $cmdpipe->{pid};
54
55 if ($timeout) {
56 for (my $i = 0; $i < $timeout; $i++) {
57 return if !PVE::ProcFSTools::check_process_running($cpid);
58 sleep(1);
59 }
60 }
61
62 $self->log('info', "ssh tunnel still running - terminating now with SIGTERM\n");
63 kill(15, $cpid);
64
65 # wait again
66 for (my $i = 0; $i < 10; $i++) {
67 return if !PVE::ProcFSTools::check_process_running($cpid);
68 sleep(1);
69 }
70
71 $self->log('info', "ssh tunnel still running - terminating now with SIGKILL\n");
72 kill 9, $cpid;
73 sleep 1;
74 }
75
76 sub fork_tunnel {
77 my ($self, $nodeip, $lport, $rport) = @_;
78
79 my @localtunnelinfo = (defined $lport) ? qw(-L $lport:localhost:$rport) : ();
80
81 my $cmd = [@{$self->{rem_ssh}}, @localtunnelinfo,
82 'qm', 'mtunnel' ];
83
84 my $tunnel = $self->fork_command_pipe($cmd);
85
86 my $reader = $tunnel->{reader};
87
88 my $helo;
89 eval {
90 PVE::Tools::run_with_timeout(60, sub { $helo = <$reader>; });
91 die "no reply\n" if !$helo;
92 die "no quorum on target node\n" if $helo =~ m/^no quorum$/;
93 die "got strange reply from mtunnel ('$helo')\n"
94 if $helo !~ m/^tunnel online$/;
95 };
96 my $err = $@;
97
98 if ($err) {
99 $self->finish_command_pipe($tunnel);
100 die "can't open migration tunnel - $err";
101 }
102 return $tunnel;
103 }
104
105 sub finish_tunnel {
106 my ($self, $tunnel) = @_;
107
108 my $writer = $tunnel->{writer};
109
110 eval {
111 PVE::Tools::run_with_timeout(30, sub {
112 print $writer "quit\n";
113 $writer->flush();
114 });
115 };
116 my $err = $@;
117
118 $self->finish_command_pipe($tunnel, 30);
119
120 die $err if $err;
121 }
122
123 sub lock_vm {
124 my ($self, $vmid, $code, @param) = @_;
125
126 return PVE::QemuServer::lock_config($vmid, $code, @param);
127 }
128
129 sub prepare {
130 my ($self, $vmid) = @_;
131
132 my $online = $self->{opts}->{online};
133
134 $self->{storecfg} = PVE::Storage::config();
135
136 # test is VM exist
137 my $conf = $self->{vmconf} = PVE::QemuServer::load_config($vmid);
138
139 PVE::QemuServer::check_lock($conf);
140
141 my $running = 0;
142 if (my $pid = PVE::QemuServer::check_running($vmid)) {
143 die "cant migrate running VM without --online\n" if !$online;
144 $running = $pid;
145 $self->{forcemachine} = PVE::QemuServer::get_current_qemu_machine($vmid);
146 }
147
148 if (my $loc_res = PVE::QemuServer::check_local_resources($conf, 1)) {
149 if ($self->{running} || !$self->{opts}->{force}) {
150 die "can't migrate VM which uses local devices\n";
151 } else {
152 $self->log('info', "migrating VM which uses local devices");
153 }
154 }
155
156 # activate volumes
157 my $vollist = PVE::QemuServer::get_vm_volumes($conf);
158 PVE::Storage::activate_volumes($self->{storecfg}, $vollist);
159
160 # fixme: check if storage is available on both nodes
161
162 # test ssh connection
163 my $cmd = [ @{$self->{rem_ssh}}, '/bin/true' ];
164 eval { $self->cmd_quiet($cmd); };
165 die "Can't connect to destination address using public key\n" if $@;
166
167 return $running;
168 }
169
170 sub sync_disks {
171 my ($self, $vmid) = @_;
172
173 $self->log('info', "copying disk images");
174
175 my $conf = $self->{vmconf};
176
177 $self->{volumes} = [];
178
179 my $res = [];
180
181 eval {
182
183 my $volhash = {};
184 my $cdromhash = {};
185
186 my $sharedvm = 1;
187
188 my @sids = PVE::Storage::storage_ids($self->{storecfg});
189 foreach my $storeid (@sids) {
190 my $scfg = PVE::Storage::storage_config($self->{storecfg}, $storeid);
191 next if $scfg->{shared};
192 next if !PVE::Storage::storage_check_enabled($self->{storecfg}, $storeid, undef, 1);
193
194 # get list from PVE::Storage (for unused volumes)
195 my $dl = PVE::Storage::vdisk_list($self->{storecfg}, $storeid, $vmid);
196 PVE::Storage::foreach_volid($dl, sub {
197 my ($volid, $sid, $volname) = @_;
198
199 # check if storage is available on target node
200 PVE::Storage::storage_check_node($self->{storecfg}, $sid, $self->{node});
201
202 $volhash->{$volid} = 1;
203 $sharedvm = 0; # there is a non-shared disk
204 });
205 }
206
207 # and add used, owned/non-shared disks (just to be sure we have all)
208
209 PVE::QemuServer::foreach_volid($conf, sub {
210 my ($volid, $is_cdrom) = @_;
211
212 return if !$volid;
213
214 die "cant migrate local file/device '$volid'\n" if $volid =~ m|^/|;
215
216 if ($is_cdrom) {
217 die "cant migrate local cdrom drive\n" if $volid eq 'cdrom';
218 return if $volid eq 'none';
219 $cdromhash->{$volid} = 1;
220 }
221
222 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
223
224 # check if storage is available on both nodes
225 my $scfg = PVE::Storage::storage_check_node($self->{storecfg}, $sid);
226 PVE::Storage::storage_check_node($self->{storecfg}, $sid, $self->{node});
227
228 return if $scfg->{shared};
229
230 die "can't migrate local cdrom '$volid'\n" if $cdromhash->{$volid};
231
232 $sharedvm = 0;
233
234 my ($path, $owner) = PVE::Storage::path($self->{storecfg}, $volid);
235
236 die "can't migrate volume '$volid' - owned by other VM (owner = VM $owner)\n"
237 if !$owner || ($owner != $self->{vmid});
238
239 $volhash->{$volid} = 1;
240 });
241
242 if ($self->{running} && !$sharedvm) {
243 die "can't do online migration - VM uses local disks\n";
244 }
245
246 # do some checks first
247 foreach my $volid (keys %$volhash) {
248 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
249 my $scfg = PVE::Storage::storage_config($self->{storecfg}, $sid);
250
251 die "can't migrate '$volid' - storagy type '$scfg->{type}' not supported\n"
252 if $scfg->{type} ne 'dir';
253
254 # if file, check if a backing file exist
255 if (($scfg->{type} eq 'dir') && (!$sharedvm)) {
256 my (undef, undef, undef, $parent) = PVE::Storage::volume_size_info($self->{storecfg}, $volid, 1);
257 die "can't migrate '$volid' as it's a clone of '$parent'" if $parent;
258 }
259 }
260
261 foreach my $volid (keys %$volhash) {
262 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
263 push @{$self->{volumes}}, $volid;
264 PVE::Storage::storage_migrate($self->{storecfg}, $volid, $self->{nodeip}, $sid);
265 }
266 };
267 die "Failed to sync data - $@" if $@;
268 }
269
270 sub phase1 {
271 my ($self, $vmid) = @_;
272
273 $self->log('info', "starting migration of VM $vmid to node '$self->{node}' ($self->{nodeip})");
274
275 my $conf = $self->{vmconf};
276
277 # set migrate lock in config file
278 $conf->{lock} = 'migrate';
279 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
280
281 sync_disks($self, $vmid);
282
283 };
284
285 sub phase1_cleanup {
286 my ($self, $vmid, $err) = @_;
287
288 $self->log('info', "aborting phase 1 - cleanup resources");
289
290 my $conf = $self->{vmconf};
291 delete $conf->{lock};
292 eval { PVE::QemuServer::update_config_nolock($vmid, $conf, 1) };
293 if (my $err = $@) {
294 $self->log('err', $err);
295 }
296
297 if ($self->{volumes}) {
298 foreach my $volid (@{$self->{volumes}}) {
299 $self->log('err', "found stale volume copy '$volid' on node '$self->{node}'");
300 # fixme: try to remove ?
301 }
302 }
303 }
304
305 sub phase2 {
306 my ($self, $vmid) = @_;
307
308 my $conf = $self->{vmconf};
309
310 $self->log('info', "starting VM $vmid on remote node '$self->{node}'");
311
312 my $raddr;
313 my $rport;
314 my $nodename = PVE::INotify::nodename();
315
316 ## start on remote node
317 my $cmd = [@{$self->{rem_ssh}}];
318
319 my $spice_ticket;
320 if (PVE::QemuServer::vga_conf_has_spice($conf->{vga})) {
321 my $res = PVE::QemuServer::vm_mon_cmd($vmid, 'query-spice');
322 $spice_ticket = $res->{ticket};
323 }
324
325 push @$cmd , 'qm', 'start', $vmid, '--stateuri', 'tcp', '--skiplock', '--migratedfrom', $nodename;
326
327 if ($self->{forcemachine}) {
328 push @$cmd, '--machine', $self->{forcemachine};
329 }
330
331 my $spice_port;
332
333 # Note: We try to keep $spice_ticket secret (do not pass via command line parameter)
334 # instead we pipe it through STDIN
335 PVE::Tools::run_command($cmd, input => $spice_ticket, outfunc => sub {
336 my $line = shift;
337
338 if ($line =~ m/^migration listens on tcp:([\d\.]+|localhost):(\d+)$/) {
339 $raddr = $1;
340 $rport = int($2);
341 }
342 elsif ($line =~ m/^migration listens on port (\d+)$/) {
343 $raddr = "localhost";
344 $rport = int($1);
345 }
346 elsif ($line =~ m/^spice listens on port (\d+)$/) {
347 $spice_port = int($1);
348 }
349 }, errfunc => sub {
350 my $line = shift;
351 $self->log('info', $line);
352 });
353
354 die "unable to detect remote migration address\n" if !$raddr;
355
356 ## create tunnel to remote port
357 $self->log('info', "starting ssh migration tunnel");
358 my $lport = ($raddr eq "localhost") ? PVE::Tools::next_migrate_port() : undef;
359 $self->{tunnel} = $self->fork_tunnel($self->{nodeip}, $lport, $rport);
360
361 my $start = time();
362 $self->log('info', "starting online/live migration on $raddr:$rport");
363 $self->{livemigration} = 1;
364
365 # load_defaults
366 my $defaults = PVE::QemuServer::load_defaults();
367
368 # always set migrate speed (overwrite kvm default of 32m)
369 # we set a very hight default of 8192m which is basically unlimited
370 my $migrate_speed = $defaults->{migrate_speed} || 8192;
371 $migrate_speed = $conf->{migrate_speed} || $migrate_speed;
372 $migrate_speed = $migrate_speed * 1048576;
373 $self->log('info', "migrate_set_speed: $migrate_speed");
374 eval {
375 PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate_set_speed", value => int($migrate_speed));
376 };
377 $self->log('info', "migrate_set_speed error: $@") if $@;
378
379 my $migrate_downtime = $defaults->{migrate_downtime};
380 $migrate_downtime = $conf->{migrate_downtime} if defined($conf->{migrate_downtime});
381 if (defined($migrate_downtime)) {
382 $self->log('info', "migrate_set_downtime: $migrate_downtime");
383 eval {
384 PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate_set_downtime", value => int($migrate_downtime*100)/100);
385 };
386 $self->log('info', "migrate_set_downtime error: $@") if $@;
387 }
388
389 my $capabilities = {};
390 $capabilities->{capability} = "xbzrle";
391 $capabilities->{state} = JSON::false;
392
393 eval {
394 PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate-set-capabilities", capabilities => [$capabilities]);
395 };
396
397 #set cachesize 10% of the total memory
398 my $cachesize = int($conf->{memory}*1048576/10);
399 eval {
400 PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate-set-cache-size", value => $cachesize);
401 };
402
403 if (PVE::QemuServer::vga_conf_has_spice($conf->{vga})) {
404 my $rpcenv = PVE::RPCEnvironment::get();
405 my $authuser = $rpcenv->get_user();
406
407 my (undef, $proxyticket) = PVE::AccessControl::assemble_spice_ticket($authuser, $vmid, $self->{node});
408
409 my $filename = "/etc/pve/nodes/$self->{node}/pve-ssl.pem";
410 my $subject = PVE::QemuServer::read_x509_subject_spice($filename);
411
412 $self->log('info', "spice client_migrate_info");
413
414 eval {
415 PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "client_migrate_info", protocol => 'spice',
416 hostname => $proxyticket, 'tls-port' => $spice_port,
417 'cert-subject' => $subject);
418 };
419 $self->log('info', "client_migrate_info error: $@") if $@;
420
421 }
422
423 eval {
424 PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate", uri => "tcp:$raddr:$rport");
425 };
426 my $merr = $@;
427 $self->log('info', "migrate uri => tcp:$raddr:$rport failed: $merr") if $merr;
428
429 my $lstat = 0;
430 my $usleep = 2000000;
431 my $i = 0;
432 my $err_count = 0;
433 my $lastrem = undef;
434 my $downtimecounter = 0;
435 while (1) {
436 $i++;
437 my $avglstat = $lstat/$i if $lstat;
438
439 usleep($usleep);
440 my $stat;
441 eval {
442 $stat = PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "query-migrate");
443 };
444 if (my $err = $@) {
445 $err_count++;
446 warn "query migrate failed: $err\n";
447 if ($err_count <= 5) {
448 usleep(1000000);
449 next;
450 }
451 die "too many query migrate failures - aborting\n";
452 }
453 if ($stat->{status} =~ m/^(active|completed|failed|cancelled)$/im) {
454 $merr = undef;
455 $err_count = 0;
456 if ($stat->{status} eq 'completed') {
457 my $delay = time() - $start;
458 if ($delay > 0) {
459 my $mbps = sprintf "%.2f", $conf->{memory}/$delay;
460 my $downtime = $stat->{downtime} || 0;
461 $self->log('info', "migration speed: $mbps MB/s - downtime $downtime ms");
462 }
463 }
464
465 if ($stat->{status} eq 'failed' || $stat->{status} eq 'cancelled') {
466 die "aborting\n"
467 }
468
469 if ($stat->{status} ne 'active') {
470 $self->log('info', "migration status: $stat->{status}");
471 last;
472 }
473
474 if ($stat->{ram}->{transferred} ne $lstat) {
475 my $trans = $stat->{ram}->{transferred} || 0;
476 my $rem = $stat->{ram}->{remaining} || 0;
477 my $total = $stat->{ram}->{total} || 0;
478 my $xbzrlecachesize = $stat->{"xbzrle-cache"}->{"cache-size"} || 0;
479 my $xbzrlebytes = $stat->{"xbzrle-cache"}->{"bytes"} || 0;
480 my $xbzrlepages = $stat->{"xbzrle-cache"}->{"pages"} || 0;
481 my $xbzrlecachemiss = $stat->{"xbzrle-cache"}->{"cache-miss"} || 0;
482 my $xbzrleoverflow = $stat->{"xbzrle-cache"}->{"overflow"} || 0;
483 #reduce sleep if remainig memory if lower than the everage transfert
484 $usleep = 300000 if $avglstat && $rem < $avglstat;
485
486 $self->log('info', "migration status: $stat->{status} (transferred ${trans}, " .
487 "remaining ${rem}), total ${total})");
488
489 #$self->log('info', "migration xbzrle cachesize: ${xbzrlecachesize} transferred ${xbzrlebytes} pages ${xbzrlepages} cachemiss ${xbzrlecachemiss} overflow ${xbzrleoverflow}");
490 if (($lastrem && $rem > $lastrem ) || ($rem == 0)) {
491 $downtimecounter++;
492 }
493 $lastrem = $rem;
494
495 if ($downtimecounter > 5) {
496 $downtimecounter = 0;
497 $migrate_downtime *= 2;
498 $self->log('info', "migrate_set_downtime: $migrate_downtime");
499 eval {
500 PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate_set_downtime", value => int($migrate_downtime*100)/100);
501 };
502 $self->log('info', "migrate_set_downtime error: $@") if $@;
503 }
504
505 }
506
507
508 $lstat = $stat->{ram}->{transferred};
509
510 } else {
511 die $merr if $merr;
512 die "unable to parse migration status '$stat->{status}' - aborting\n";
513 }
514 }
515 }
516
517 sub phase2_cleanup {
518 my ($self, $vmid, $err) = @_;
519
520 return if !$self->{errors};
521 $self->{phase2errors} = 1;
522
523 $self->log('info', "aborting phase 2 - cleanup resources");
524
525 $self->log('info', "migrate_cancel");
526 eval {
527 PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate_cancel");
528 };
529 $self->log('info', "migrate_cancel error: $@") if $@;
530
531 my $conf = $self->{vmconf};
532 delete $conf->{lock};
533 eval { PVE::QemuServer::update_config_nolock($vmid, $conf, 1) };
534 if (my $err = $@) {
535 $self->log('err', $err);
536 }
537
538 # cleanup ressources on target host
539 my $nodename = PVE::INotify::nodename();
540
541 my $cmd = [@{$self->{rem_ssh}}, 'qm', 'stop', $vmid, '--skiplock', '--migratedfrom', $nodename];
542 eval{ PVE::Tools::run_command($cmd, outfunc => sub {}, errfunc => sub {}) };
543 if (my $err = $@) {
544 $self->log('err', $err);
545 $self->{errors} = 1;
546 }
547 }
548
549 sub phase3 {
550 my ($self, $vmid) = @_;
551
552 my $volids = $self->{volumes};
553 return if $self->{phase2errors};
554
555 # destroy local copies
556 foreach my $volid (@$volids) {
557 eval { PVE::Storage::vdisk_free($self->{storecfg}, $volid); };
558 if (my $err = $@) {
559 $self->log('err', "removing local copy of '$volid' failed - $err");
560 $self->{errors} = 1;
561 last if $err =~ /^interrupted by signal$/;
562 }
563 }
564 }
565
566 sub phase3_cleanup {
567 my ($self, $vmid, $err) = @_;
568
569 my $conf = $self->{vmconf};
570 return if $self->{phase2errors};
571
572 # move config to remote node
573 my $conffile = PVE::QemuServer::config_file($vmid);
574 my $newconffile = PVE::QemuServer::config_file($vmid, $self->{node});
575
576 die "Failed to move config to node '$self->{node}' - rename failed: $!\n"
577 if !rename($conffile, $newconffile);
578
579 if ($self->{livemigration}) {
580 # now that config file is move, we can resume vm on target if livemigrate
581 my $cmd = [@{$self->{rem_ssh}}, 'qm', 'resume', $vmid, '--skiplock'];
582 eval{ PVE::Tools::run_command($cmd, outfunc => sub {},
583 errfunc => sub {
584 my $line = shift;
585 $self->log('err', $line);
586 });
587 };
588 if (my $err = $@) {
589 $self->log('err', $err);
590 $self->{errors} = 1;
591 }
592 }
593
594 my $timer = 0;
595 if (PVE::QemuServer::vga_conf_has_spice($conf->{vga})) {
596 $self->log('info', "Waiting for spice server migration");
597 while (1) {
598 my $res = PVE::QemuServer::vm_mon_cmd_nocheck($vmid, 'query-spice');
599 last if int($res->{'migrated'}) == 1;
600 last if $timer > 50;
601 $timer ++;
602 usleep(200000);
603 }
604 }
605
606 # always stop local VM
607 eval { PVE::QemuServer::vm_stop($self->{storecfg}, $vmid, 1, 1); };
608 if (my $err = $@) {
609 $self->log('err', "stopping vm failed - $err");
610 $self->{errors} = 1;
611 }
612
613 if ($self->{tunnel}) {
614 eval { finish_tunnel($self, $self->{tunnel}); };
615 if (my $err = $@) {
616 $self->log('err', $err);
617 $self->{errors} = 1;
618 }
619 }
620
621 # always deactivate volumes - avoid lvm LVs to be active on several nodes
622 eval {
623 my $vollist = PVE::QemuServer::get_vm_volumes($conf);
624 PVE::Storage::deactivate_volumes($self->{storecfg}, $vollist);
625 };
626 if (my $err = $@) {
627 $self->log('err', $err);
628 $self->{errors} = 1;
629 }
630
631 # clear migrate lock
632 my $cmd = [ @{$self->{rem_ssh}}, 'qm', 'unlock', $vmid ];
633 $self->cmd_logerr($cmd, errmsg => "failed to clear migrate lock");
634 }
635
636 sub final_cleanup {
637 my ($self, $vmid) = @_;
638
639 # nothing to do
640 }
641
642 1;
Virtual Machine Manager