Fix #2412: Missing VMs in pools

Between calling vm_destroy and removing the ID from user.cfg (remove_vm_access)
creating a new VM with this ID was possible. VMs could go missing from pools as
a consequence.

Adding a lock solves this for clones from the same node. Additionally,
unlinking must happen at the very end of the deletion process to avoid that
other nodes use the ID in the meanwhile.

Co-developed-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Dominic Jäger <d.jaeger@proxmox.com>

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 267a08e84379a1b6c4734bc62c8a359469553814..7e1d314762e4609d03c758bf4a3d4914c62a5f13 100644 (file)
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -1492,9 +1492,15 @@ __PACKAGE__->register_method({
            my $upid = shift;
 
            syslog('info', "destroy VM $vmid: $upid\n");
-           PVE::QemuServer::vm_destroy($storecfg, $vmid, $skiplock);
-           PVE::AccessControl::remove_vm_access($vmid);
-            PVE::Firewall::remove_vmfw_conf($vmid);
+           PVE::QemuConfig->lock_config($vmid, sub {
+               die "VM $vmid is running - destroy failed\n"
+                   if (PVE::QemuServer::check_running($vmid));
+               PVE::QemuServer::destroy_vm($storecfg, $vmid, 1, $skiplock);
+               PVE::AccessControl::remove_vm_access($vmid);
+               PVE::Firewall::remove_vmfw_conf($vmid);
+               unlink PVE::QemuConfig->config_file($vmid)
+                   or die "Removal of VM $vmid config file failed: $!\n";
+           });
        };
 
        return $rpcenv->fork_worker('qmdestroy', $vmid, $authuser, $realcmd);