use PVE::AbstractMigrate;
use IO::File;
use IPC::Open2;
+use POSIX qw( WNOHANG );
use PVE::INotify;
+use PVE::Tools;
use PVE::Cluster;
use PVE::Storage;
use PVE::QemuServer;
+use Time::HiRes qw( usleep );
+use PVE::RPCEnvironment;
use base qw(PVE::AbstractMigrate);
sub finish_command_pipe {
my ($self, $cmdpipe, $timeout) = @_;
+ my $cpid = $cmdpipe->{pid};
+ return if !defined($cpid);
+
my $writer = $cmdpipe->{writer};
my $reader = $cmdpipe->{reader};
$writer->close();
$reader->close();
- my $cpid = $cmdpipe->{pid};
+ my $collect_child_process = sub {
+ my $res = waitpid($cpid, WNOHANG);
+ if (defined($res) && ($res == $cpid)) {
+ delete $cmdpipe->{cpid};
+ return 1;
+ } else {
+ return 0;
+ }
+ };
if ($timeout) {
for (my $i = 0; $i < $timeout; $i++) {
- return if !PVE::ProcFSTools::check_process_running($cpid);
+ return if &$collect_child_process();
sleep(1);
}
}
# wait again
for (my $i = 0; $i < 10; $i++) {
- return if !PVE::ProcFSTools::check_process_running($cpid);
+ return if &$collect_child_process();
sleep(1);
}
$self->log('info', "ssh tunnel still running - terminating now with SIGKILL\n");
kill 9, $cpid;
sleep 1;
+
+ $self->log('err', "ssh tunnel child process (PID $cpid) couldn't be collected\n")
+ if !&$collect_child_process();
}
sub fork_tunnel {
- my ($self, $nodeip, $lport, $rport) = @_;
+ my ($self, $tunnel_addr) = @_;
+
+ my @localtunnelinfo = ('-L' , $tunnel_addr );
- my $cmd = [@{$self->{rem_ssh}}, '-L', "$lport:localhost:$rport",
- 'qm', 'mtunnel' ];
+ my $cmd = [@{$self->{rem_ssh}}, '-o ExitOnForwardFailure=yes', @localtunnelinfo, 'qm', 'mtunnel' ];
my $tunnel = $self->fork_command_pipe($cmd);
$self->finish_command_pipe($tunnel, 30);
+ if ($tunnel->{sock_addr}) {
+ # ssh does not clean up on local host
+ my $cmd = ['rm', '-f', $tunnel->{sock_addr}]; #
+ PVE::Tools::run_command($cmd);
+
+ # .. and just to be sure check on remote side
+ unshift @{$cmd}, @{$self->{rem_ssh}};
+ PVE::Tools::run_command($cmd);
+ }
+
die $err if $err;
}
sub lock_vm {
my ($self, $vmid, $code, @param) = @_;
- return PVE::QemuServer::lock_config($vmid, $code, @param);
+ return PVE::QemuConfig->lock_config($vmid, $code, @param);
}
sub prepare {
$self->{storecfg} = PVE::Storage::config();
- # test is VM exist
- my $conf = $self->{vmconf} = PVE::QemuServer::load_config($vmid);
+ # test if VM exists
+ my $conf = $self->{vmconf} = PVE::QemuConfig->load_config($vmid);
- PVE::QemuServer::check_lock($conf);
+ PVE::QemuConfig->check_lock($conf);
my $running = 0;
if (my $pid = PVE::QemuServer::check_running($vmid)) {
die "cant migrate running VM without --online\n" if !$online;
$running = $pid;
+
+ $self->{forcemachine} = PVE::QemuServer::qemu_machine_pxe($vmid, $conf);
+
}
if (my $loc_res = PVE::QemuServer::check_local_resources($conf, 1)) {
}
}
- # activate volumes
my $vollist = PVE::QemuServer::get_vm_volumes($conf);
- PVE::Storage::activate_volumes($self->{storecfg}, $vollist);
- # fixme: check if storage is available on both nodes
+ my $need_activate = [];
+ foreach my $volid (@$vollist) {
+ my ($sid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
+
+ # check if storage is available on both nodes
+ my $scfg = PVE::Storage::storage_check_node($self->{storecfg}, $sid);
+ PVE::Storage::storage_check_node($self->{storecfg}, $sid, $self->{node});
+
+ if ($scfg->{shared}) {
+ # PVE::Storage::activate_storage checks this for non-shared storages
+ my $plugin = PVE::Storage::Plugin->lookup($scfg->{type});
+ warn "Used shared storage '$sid' is not online on source node!\n"
+ if !$plugin->check_connection($sid, $scfg);
+ } else {
+ # only activate if not shared
+ push @$need_activate, $volid;
+ }
+ }
+
+ # activate volumes
+ PVE::Storage::activate_volumes($self->{storecfg}, $need_activate);
# test ssh connection
my $cmd = [ @{$self->{rem_ssh}}, '/bin/true' ];
my $volhash = {};
my $cdromhash = {};
+ my $sharedvm = 1;
+
my @sids = PVE::Storage::storage_ids($self->{storecfg});
foreach my $storeid (@sids) {
my $scfg = PVE::Storage::storage_config($self->{storecfg}, $storeid);
PVE::Storage::storage_check_node($self->{storecfg}, $sid, $self->{node});
$volhash->{$volid} = 1;
+ $sharedvm = 0; # there is a non-shared disk
});
}
- # and add used,owned/non-shared disks (just to be sure we have all)
+ # and add used, owned/non-shared disks (just to be sure we have all)
- my $sharedvm = 1;
- PVE::QemuServer::foreach_drive($conf, sub {
- my ($ds, $drive) = @_;
+ PVE::QemuServer::foreach_volid($conf, sub {
+ my ($volid, $is_cdrom) = @_;
- my $volid = $drive->{file};
return if !$volid;
- die "cant migrate local file/device '$volid'\n" if $volid =~ m|^/|;
+ die "can't migrate local file/device '$volid'\n" if $volid =~ m|^/|;
- if (PVE::QemuServer::drive_is_cdrom($drive)) {
+ if ($is_cdrom) {
die "cant migrate local cdrom drive\n" if $volid eq 'cdrom';
return if $volid eq 'none';
$cdromhash->{$volid} = 1;
my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
my $scfg = PVE::Storage::storage_config($self->{storecfg}, $sid);
- die "can't migrate '$volid' - storagy type '$scfg->{type}' not supported\n"
- if $scfg->{type} ne 'dir';
+ die "can't migrate '$volid' - storage type '$scfg->{type}' not supported\n"
+ if (!($scfg->{type} eq 'dir' || $scfg->{type} eq 'zfspool') && (!$sharedvm));
+
+ # if file, check if a backing file exist
+ if (!($scfg->{type} eq 'dir' || $scfg->{type} eq 'zfspool') && (!$sharedvm)) {
+ my (undef, undef, undef, $parent) = PVE::Storage::volume_size_info($self->{storecfg}, $volid, 1);
+ die "can't migrate '$volid' as it's a clone of '$parent'" if $parent;
+ }
}
foreach my $volid (keys %$volhash) {
# set migrate lock in config file
$conf->{lock} = 'migrate';
- PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
+ PVE::QemuConfig->write_config($vmid, $conf);
sync_disks($self, $vmid);
my $conf = $self->{vmconf};
delete $conf->{lock};
- eval { PVE::QemuServer::update_config_nolock($vmid, $conf, 1) };
+ eval { PVE::QemuConfig->write_config($vmid, $conf) };
if (my $err = $@) {
$self->log('err', $err);
}
$self->log('info', "starting VM $vmid on remote node '$self->{node}'");
+ my $raddr;
my $rport;
-
+ my $ruri; # the whole migration dst. URI (protocol:address[:port])
my $nodename = PVE::INotify::nodename();
## start on remote node
- my $cmd = [@{$self->{rem_ssh}}, 'qm', 'start',
- $vmid, '--stateuri', 'tcp', '--skiplock', '--migratedfrom', $nodename];
+ my $cmd = [@{$self->{rem_ssh}}];
+
+ my $spice_ticket;
+ if (PVE::QemuServer::vga_conf_has_spice($conf->{vga})) {
+ my $res = PVE::QemuServer::vm_mon_cmd($vmid, 'query-spice');
+ $spice_ticket = $res->{ticket};
+ }
- PVE::Tools::run_command($cmd, outfunc => sub {
+ push @$cmd , 'qm', 'start', $vmid, '--skiplock', '--migratedfrom', $nodename;
+
+ # we use TCP only for unsecure migrations as TCP ssh forward tunnels often
+ # did appeared to late (they are hard, if not impossible, to check for)
+ # secure migration use UNIX sockets now, this *breaks* compatibilty when trying
+ # to migrate from new to old but *not* from old to new.
+ my $datacenterconf = PVE::Cluster::cfs_read_file('datacenter.cfg');
+ my $secure_migration = ($datacenterconf->{migration_unsecure}) ? 0 : 1;
+
+ if (!$secure_migration) {
+ push @$cmd, '--stateuri', 'tcp';
+ } else {
+ push @$cmd, '--stateuri', 'unix';
+ }
+
+ if ($self->{forcemachine}) {
+ push @$cmd, '--machine', $self->{forcemachine};
+ }
+
+ my $spice_port;
+
+ # Note: We try to keep $spice_ticket secret (do not pass via command line parameter)
+ # instead we pipe it through STDIN
+ PVE::Tools::run_command($cmd, input => $spice_ticket, outfunc => sub {
my $line = shift;
- if ($line =~ m/^migration listens on port (\d+)$/) {
- $rport = $1;
+ if ($line =~ m/^migration listens on tcp:(localhost|[\d\.]+|\[[\d\.:a-fA-F]+\]):(\d+)$/) {
+ $raddr = $1;
+ $rport = int($2);
+ $ruri = "tcp:$raddr:$rport";
}
- }, errfunc => sub {});
+ elsif ($line =~ m!^migration listens on unix:(/run/qemu-server/(\d+)\.migrate)$!) {
+ $raddr = $1;
+ die "Destination UNIX sockets VMID does not match source VMID" if $vmid ne $2;
+ $ruri = "unix:$raddr";
+ }
+ elsif ($line =~ m/^migration listens on port (\d+)$/) {
+ $raddr = "localhost";
+ $rport = int($1);
+ $ruri = "tcp:$raddr:$rport";
+ }
+ elsif ($line =~ m/^spice listens on port (\d+)$/) {
+ $spice_port = int($1);
+ }
+ }, errfunc => sub {
+ my $line = shift;
+ $self->log('info', $line);
+ });
+
+ die "unable to detect remote migration address\n" if !$raddr;
+
+ if ($secure_migration) {
+ $self->log('info', "start remote tunnel");
+
+ if ($ruri =~ /^unix:/) {
+ unlink $raddr;
+ $self->{tunnel} = $self->fork_tunnel("$raddr:$raddr");
+ $self->{tunnel}->{sock_addr} = $raddr;
+
+ my $unix_socket_try = 0; # wait for the socket to become ready
+ while (! -S $raddr) {
+ $unix_socket_try++;
+ if ($unix_socket_try > 100) {
+ $self->{errors} = 1;
+ $self->finish_tunnel($self->{tunnel});
+ die "Timeout, migration socket $ruri did not get ready";
+ }
- die "unable to detect remote migration port\n" if !$rport;
+ usleep(50000);
+ }
- $self->log('info', "starting migration tunnel");
+ } elsif ($ruri =~ /^tcp:/) {
+ # for backwards compatibility with older qemu-server versions
+ my $pfamily = PVE::Tools::get_host_address_family($nodename);
+ my $lport = PVE::Tools::next_migrate_port($pfamily);
- ## create tunnel to remote port
- my $lport = PVE::QemuServer::next_migrate_port();
- $self->{tunnel} = $self->fork_tunnel($self->{nodeip}, $lport, $rport);
+ $self->{tunnel} = $self->fork_tunnel("$lport:localhost:$rport");
- $self->log('info', "starting online/live migration on port $lport");
- # start migration
+ } else {
+ die "unsupported protocol in migration URI: $ruri\n";
+ }
+ }
my $start = time();
+ $self->log('info', "starting online/live migration on $ruri");
+ $self->{livemigration} = 1;
+
+ # load_defaults
+ my $defaults = PVE::QemuServer::load_defaults();
+
+ # always set migrate speed (overwrite kvm default of 32m)
+ # we set a very hight default of 8192m which is basically unlimited
+ my $migrate_speed = $defaults->{migrate_speed} || 8192;
+ $migrate_speed = $conf->{migrate_speed} || $migrate_speed;
+ $migrate_speed = $migrate_speed * 1048576;
+ $self->log('info', "migrate_set_speed: $migrate_speed");
+ eval {
+ PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate_set_speed", value => int($migrate_speed));
+ };
+ $self->log('info', "migrate_set_speed error: $@") if $@;
+
+ my $migrate_downtime = $defaults->{migrate_downtime};
+ $migrate_downtime = $conf->{migrate_downtime} if defined($conf->{migrate_downtime});
+ if (defined($migrate_downtime)) {
+ $self->log('info', "migrate_set_downtime: $migrate_downtime");
+ eval {
+ PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate_set_downtime", value => int($migrate_downtime*100)/100);
+ };
+ $self->log('info', "migrate_set_downtime error: $@") if $@;
+ }
+
+ $self->log('info', "set migration_caps");
+ eval {
+ PVE::QemuServer::set_migration_caps($vmid);
+ };
+ warn $@ if $@;
+
+ #set cachesize 10% of the total memory
+ my $cachesize = int($conf->{memory}*1048576/10);
+ $self->log('info', "set cachesize: $cachesize");
+ eval {
+ PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate-set-cache-size", value => int($cachesize));
+ };
+ $self->log('info', "migrate-set-cache-size error: $@") if $@;
+
+ if (PVE::QemuServer::vga_conf_has_spice($conf->{vga})) {
+ my $rpcenv = PVE::RPCEnvironment::get();
+ my $authuser = $rpcenv->get_user();
+
+ my (undef, $proxyticket) = PVE::AccessControl::assemble_spice_ticket($authuser, $vmid, $self->{node});
+
+ my $filename = "/etc/pve/nodes/$self->{node}/pve-ssl.pem";
+ my $subject = PVE::AccessControl::read_x509_subject_spice($filename);
+
+ $self->log('info', "spice client_migrate_info");
+
+ eval {
+ PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "client_migrate_info", protocol => 'spice',
+ hostname => $proxyticket, 'tls-port' => $spice_port,
+ 'cert-subject' => $subject);
+ };
+ $self->log('info', "client_migrate_info error: $@") if $@;
+
+ }
+
+ $self->log('info', "start migrate command to $ruri");
eval {
- PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate", uri => "tcp:localhost:$lport");
+ PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate", uri => $ruri);
};
my $merr = $@;
+ $self->log('info', "migrate uri => $ruri failed: $merr") if $merr;
my $lstat = 0;
+ my $usleep = 2000000;
+ my $i = 0;
+ my $err_count = 0;
+ my $lastrem = undef;
+ my $downtimecounter = 0;
while (1) {
- sleep (2);
- my $stat = PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "query-migrate");
- if ($stat->{status} =~ m/^(active|completed|failed|cancelled)$/im) {
- $merr = undef;
+ $i++;
+ my $avglstat = $lstat/$i if $lstat;
+
+ usleep($usleep);
+ my $stat;
+ eval {
+ $stat = PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "query-migrate");
+ };
+ if (my $err = $@) {
+ $err_count++;
+ warn "query migrate failed: $err\n";
+ $self->log('info', "query migrate failed: $err");
+ if ($err_count <= 5) {
+ usleep(1000000);
+ next;
+ }
+ die "too many query migrate failures - aborting\n";
+ }
+
+ if (defined($stat->{status}) && $stat->{status} =~ m/^(setup)$/im) {
+ sleep(1);
+ next;
+ }
+ if (defined($stat->{status}) && $stat->{status} =~ m/^(active|completed|failed|cancelled)$/im) {
+ $merr = undef;
+ $err_count = 0;
if ($stat->{status} eq 'completed') {
my $delay = time() - $start;
if ($delay > 0) {
my $mbps = sprintf "%.2f", $conf->{memory}/$delay;
- $self->log('info', "migration speed: $mbps MB/s");
+ my $downtime = $stat->{downtime} || 0;
+ $self->log('info', "migration speed: $mbps MB/s - downtime $downtime ms");
}
}
if ($stat->{status} eq 'failed' || $stat->{status} eq 'cancelled') {
+ $self->log('info', "migration status error: $stat->{status}");
die "aborting\n"
}
my $trans = $stat->{ram}->{transferred} || 0;
my $rem = $stat->{ram}->{remaining} || 0;
my $total = $stat->{ram}->{total} || 0;
+ my $xbzrlecachesize = $stat->{"xbzrle-cache"}->{"cache-size"} || 0;
+ my $xbzrlebytes = $stat->{"xbzrle-cache"}->{"bytes"} || 0;
+ my $xbzrlepages = $stat->{"xbzrle-cache"}->{"pages"} || 0;
+ my $xbzrlecachemiss = $stat->{"xbzrle-cache"}->{"cache-miss"} || 0;
+ my $xbzrleoverflow = $stat->{"xbzrle-cache"}->{"overflow"} || 0;
+ #reduce sleep if remainig memory if lower than the everage transfert
+ $usleep = 300000 if $avglstat && $rem < $avglstat;
$self->log('info', "migration status: $stat->{status} (transferred ${trans}, " .
"remaining ${rem}), total ${total})");
+
+ if (${xbzrlecachesize}) {
+ $self->log('info', "migration xbzrle cachesize: ${xbzrlecachesize} transferred ${xbzrlebytes} pages ${xbzrlepages} cachemiss ${xbzrlecachemiss} overflow ${xbzrleoverflow}");
+ }
+
+ if (($lastrem && $rem > $lastrem ) || ($rem == 0)) {
+ $downtimecounter++;
+ }
+ $lastrem = $rem;
+
+ if ($downtimecounter > 5) {
+ $downtimecounter = 0;
+ $migrate_downtime *= 2;
+ $self->log('info', "migrate_set_downtime: $migrate_downtime");
+ eval {
+ PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate_set_downtime", value => int($migrate_downtime*100)/100);
+ };
+ $self->log('info', "migrate_set_downtime error: $@") if $@;
+ }
+
}
- $lstat = $stat->{ram}->{transferred};
+ $lstat = $stat->{ram}->{transferred};
+
} else {
die $merr if $merr;
die "unable to parse migration status '$stat->{status}' - aborting\n";
}
}
+
+ # just to be sure that the tunnel gets closed on successful migration, on error
+ # phase2_cleanup closes it *after* stopping the remote waiting VM
+ if (!$self->{errors} && $self->{tunnel}) {
+ eval { finish_tunnel($self, $self->{tunnel}); };
+ if (my $err = $@) {
+ $self->log('err', $err);
+ $self->{errors} = 1;
+ }
+ }
}
sub phase2_cleanup {
my ($self, $vmid, $err) = @_;
+ return if !$self->{errors};
+ $self->{phase2errors} = 1;
+
$self->log('info', "aborting phase 2 - cleanup resources");
+ $self->log('info', "migrate_cancel");
+ eval {
+ PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate_cancel");
+ };
+ $self->log('info', "migrate_cancel error: $@") if $@;
+
my $conf = $self->{vmconf};
delete $conf->{lock};
- eval { PVE::QemuServer::update_config_nolock($vmid, $conf, 1) };
+ eval { PVE::QemuConfig->write_config($vmid, $conf) };
if (my $err = $@) {
$self->log('err', $err);
}
- ## fixme : vm_stop_cleanup on target vm
-
+ # cleanup ressources on target host
+ my $nodename = PVE::INotify::nodename();
+
+ my $cmd = [@{$self->{rem_ssh}}, 'qm', 'stop', $vmid, '--skiplock', '--migratedfrom', $nodename];
+ eval{ PVE::Tools::run_command($cmd, outfunc => sub {}, errfunc => sub {}) };
+ if (my $err = $@) {
+ $self->log('err', $err);
+ $self->{errors} = 1;
+ }
+ if ($self->{tunnel}) {
+ eval { finish_tunnel($self, $self->{tunnel}); };
+ if (my $err = $@) {
+ $self->log('err', $err);
+ $self->{errors} = 1;
+ }
+ }
}
sub phase3 {
my ($self, $vmid) = @_;
my $volids = $self->{volumes};
+ return if $self->{phase2errors};
# destroy local copies
foreach my $volid (@$volids) {
my ($self, $vmid, $err) = @_;
my $conf = $self->{vmconf};
+ return if $self->{phase2errors};
# move config to remote node
- my $conffile = PVE::QemuServer::config_file($vmid);
- my $newconffile = PVE::QemuServer::config_file($vmid, $self->{node});
+ my $conffile = PVE::QemuConfig->config_file($vmid);
+ my $newconffile = PVE::QemuConfig->config_file($vmid, $self->{node});
die "Failed to move config to node '$self->{node}' - rename failed: $!\n"
if !rename($conffile, $newconffile);
- # now that config file is move, we can resume vm on target if livemigrate
- if ($self->{tunnel}) {
- my $cmd = [@{$self->{rem_ssh}}, 'qm', 'resume', $vmid, '--skiplock'];
- eval{ PVE::Tools::run_command($cmd, outfunc => sub {}, errfunc => sub {}) };
+ if ($self->{livemigration}) {
+ # now that config file is move, we can resume vm on target if livemigrate
+ my $cmd = [@{$self->{rem_ssh}}, 'qm', 'resume', $vmid, '--skiplock', '--nocheck'];
+ eval{ PVE::Tools::run_command($cmd, outfunc => sub {},
+ errfunc => sub {
+ my $line = shift;
+ $self->log('err', $line);
+ });
+ };
if (my $err = $@) {
$self->log('err', $err);
$self->{errors} = 1;
}
}
+ eval {
+
+ my $timer = 0;
+ if (PVE::QemuServer::vga_conf_has_spice($conf->{vga}) && $self->{running}) {
+ $self->log('info', "Waiting for spice server migration");
+ while (1) {
+ my $res = PVE::QemuServer::vm_mon_cmd_nocheck($vmid, 'query-spice');
+ last if int($res->{'migrated'}) == 1;
+ last if $timer > 50;
+ $timer ++;
+ usleep(200000);
+ }
+ }
+ };
+
# always stop local VM
eval { PVE::QemuServer::vm_stop($self->{storecfg}, $vmid, 1, 1); };
if (my $err = $@) {
$self->{errors} = 1;
}
- if ($self->{tunnel}) {
- eval { finish_tunnel($self, $self->{tunnel}); };
- if (my $err = $@) {
- $self->log('err', $err);
- $self->{errors} = 1;
- }
- }
-
# always deactivate volumes - avoid lvm LVs to be active on several nodes
eval {
my $vollist = PVE::QemuServer::get_vm_volumes($conf);
projects / qemu-server.git / blobdiff