# # # Copyright (C) 2008, 2009, 2010, 2011, 2012, 2013, 2014 Google Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301, USA. """KVM hypervisor """ import errno import os import os.path import re import tempfile import time import logging import pwd import shutil import urllib2 from bitarray import bitarray try: import affinity # pylint: disable=F0401 except ImportError: affinity = None try: import fdsend # pylint: disable=F0401 except ImportError: fdsend = None from ganeti import utils from ganeti import constants from ganeti import errors from ganeti import serializer from ganeti import objects from ganeti import uidpool from ganeti import ssconf from ganeti import netutils from ganeti import pathutils from ganeti.hypervisor import hv_base from ganeti.utils import wrapper as utils_wrapper from ganeti.hypervisor.hv_kvm.monitor import QmpConnection, QmpMessage, \ MonitorSocket from ganeti.hypervisor.hv_kvm.netdev import OpenTap _KVM_NETWORK_SCRIPT = pathutils.CONF_DIR + "/kvm-vif-bridge" _KVM_START_PAUSED_FLAG = "-S" #: SPICE parameters which depend on L{constants.HV_KVM_SPICE_BIND} _SPICE_ADDITIONAL_PARAMS = frozenset([ constants.HV_KVM_SPICE_IP_VERSION, constants.HV_KVM_SPICE_PASSWORD_FILE, constants.HV_KVM_SPICE_LOSSLESS_IMG_COMPR, constants.HV_KVM_SPICE_JPEG_IMG_COMPR, constants.HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR, constants.HV_KVM_SPICE_STREAMING_VIDEO_DETECTION, constants.HV_KVM_SPICE_USE_TLS, ]) # Constant bitarray that reflects to a free pci slot # Use it with bitarray.search() _AVAILABLE_PCI_SLOT = bitarray("0") # below constants show the format of runtime file # the nics are in second possition, while the disks in 4th (last) # moreover disk entries are stored as a list of in tuples # (L{objects.Disk}, link_name, uri) _KVM_NICS_RUNTIME_INDEX = 1 _KVM_DISKS_RUNTIME_INDEX = 3 _DEVICE_RUNTIME_INDEX = { constants.HOTPLUG_TARGET_DISK: _KVM_DISKS_RUNTIME_INDEX, constants.HOTPLUG_TARGET_NIC: _KVM_NICS_RUNTIME_INDEX } _FIND_RUNTIME_ENTRY = { constants.HOTPLUG_TARGET_NIC: lambda nic, kvm_nics: [n for n in kvm_nics if n.uuid == nic.uuid], constants.HOTPLUG_TARGET_DISK: lambda disk, kvm_disks: [(d, l, u) for (d, l, u) in kvm_disks if d.uuid == disk.uuid] } _RUNTIME_DEVICE = { constants.HOTPLUG_TARGET_NIC: lambda d: d, constants.HOTPLUG_TARGET_DISK: lambda (d, e, _): d } _RUNTIME_ENTRY = { constants.HOTPLUG_TARGET_NIC: lambda d, e: d, constants.HOTPLUG_TARGET_DISK: lambda d, e: (d, e, None) } _MIGRATION_CAPS_DELIM = ":" def _GenerateDeviceKVMId(dev_type, dev): """Helper function to generate a unique device name used by KVM QEMU monitor commands use names to identify devices. Here we use their pci slot and a part of their UUID to name them. dev.pci might be None for old devices in the cluster. @type dev_type: sting @param dev_type: device type of param dev @type dev: L{objects.Disk} or L{objects.NIC} @param dev: the device object for which we generate a kvm name @raise errors.HotplugError: in case a device has no pci slot (old devices) """ if not dev.pci: raise errors.HotplugError("Hotplug is not supported for %s with UUID %s" % (dev_type, dev.uuid)) return "%s-%s-pci-%d" % (dev_type.lower(), dev.uuid.split("-")[0], dev.pci) def _GetFreeSlot(slots, slot=None, reserve=False): """Helper method to get first available slot in a bitarray @type slots: bitarray @param slots: the bitarray to operate on @type slot: integer @param slot: if given we check whether the slot is free @type reserve: boolean @param reserve: whether to reserve the first available slot or not @return: the idx of the (first) available slot @raise errors.HotplugError: If all slots in a bitarray are occupied or the given slot is not free. """ if slot is not None: assert slot < len(slots) if slots[slot]: raise errors.HypervisorError("Slots %d occupied" % slot) else: avail = slots.search(_AVAILABLE_PCI_SLOT, 1) if not avail: raise errors.HypervisorError("All slots occupied") slot = int(avail[0]) if reserve: slots[slot] = True return slot def _GetExistingDeviceInfo(dev_type, device, runtime): """Helper function to get an existing device inside the runtime file Used when an instance is running. Load kvm runtime file and search for a device based on its type and uuid. @type dev_type: sting @param dev_type: device type of param dev @type device: L{objects.Disk} or L{objects.NIC} @param device: the device object for which we generate a kvm name @type runtime: tuple (cmd, nics, hvparams, disks) @param runtime: the runtime data to search for the device @raise errors.HotplugError: in case the requested device does not exist (e.g. device has been added without --hotplug option) or device info has not pci slot (e.g. old devices in the cluster) """ index = _DEVICE_RUNTIME_INDEX[dev_type] found = _FIND_RUNTIME_ENTRY[dev_type](device, runtime[index]) if not found: raise errors.HotplugError("Cannot find runtime info for %s with UUID %s" % (dev_type, device.uuid)) return found[0] def _UpgradeSerializedRuntime(serialized_runtime): """Upgrade runtime data Remove any deprecated fields or change the format of the data. The runtime files are not upgraded when Ganeti is upgraded, so the required modification have to be performed here. @type serialized_runtime: string @param serialized_runtime: raw text data read from actual runtime file @return: (cmd, nic dicts, hvparams, bdev dicts) @rtype: tuple """ loaded_runtime = serializer.Load(serialized_runtime) kvm_cmd, serialized_nics, hvparams = loaded_runtime[:3] if len(loaded_runtime) >= 4: serialized_disks = loaded_runtime[3] else: serialized_disks = [] for nic in serialized_nics: # Add a dummy uuid slot if an pre-2.8 NIC is found if "uuid" not in nic: nic["uuid"] = utils.NewUUID() return kvm_cmd, serialized_nics, hvparams, serialized_disks def _AnalyzeSerializedRuntime(serialized_runtime): """Return runtime entries for a serialized runtime file @type serialized_runtime: string @param serialized_runtime: raw text data read from actual runtime file @return: (cmd, nics, hvparams, bdevs) @rtype: tuple """ kvm_cmd, serialized_nics, hvparams, serialized_disks = \ _UpgradeSerializedRuntime(serialized_runtime) kvm_nics = [objects.NIC.FromDict(snic) for snic in serialized_nics] kvm_disks = [(objects.Disk.FromDict(sdisk), link, uri) for sdisk, link, uri in serialized_disks] return (kvm_cmd, kvm_nics, hvparams, kvm_disks) class HeadRequest(urllib2.Request): def get_method(self): return "HEAD" def _CheckUrl(url): """Check if a given URL exists on the server """ try: urllib2.urlopen(HeadRequest(url)) return True except urllib2.URLError: return False class KVMHypervisor(hv_base.BaseHypervisor): """KVM hypervisor interface """ CAN_MIGRATE = True _ROOT_DIR = pathutils.RUN_DIR + "/kvm-hypervisor" _PIDS_DIR = _ROOT_DIR + "/pid" # contains live instances pids _UIDS_DIR = _ROOT_DIR + "/uid" # contains instances reserved uids _CTRL_DIR = _ROOT_DIR + "/ctrl" # contains instances control sockets _CONF_DIR = _ROOT_DIR + "/conf" # contains instances startup data _NICS_DIR = _ROOT_DIR + "/nic" # contains instances nic <-> tap associations _KEYMAP_DIR = _ROOT_DIR + "/keymap" # contains instances keymaps # KVM instances with chroot enabled are started in empty chroot directories. _CHROOT_DIR = _ROOT_DIR + "/chroot" # for empty chroot directories # After an instance is stopped, its chroot directory is removed. # If the chroot directory is not empty, it can't be removed. # A non-empty chroot directory indicates a possible security incident. # To support forensics, the non-empty chroot directory is quarantined in # a separate directory, called 'chroot-quarantine'. _CHROOT_QUARANTINE_DIR = _ROOT_DIR + "/chroot-quarantine" _DIRS = [_ROOT_DIR, _PIDS_DIR, _UIDS_DIR, _CTRL_DIR, _CONF_DIR, _NICS_DIR, _CHROOT_DIR, _CHROOT_QUARANTINE_DIR, _KEYMAP_DIR] PARAMETERS = { constants.HV_KVM_PATH: hv_base.REQ_FILE_CHECK, constants.HV_KERNEL_PATH: hv_base.OPT_FILE_CHECK, constants.HV_INITRD_PATH: hv_base.OPT_FILE_CHECK, constants.HV_ROOT_PATH: hv_base.NO_CHECK, constants.HV_KERNEL_ARGS: hv_base.NO_CHECK, constants.HV_ACPI: hv_base.NO_CHECK, constants.HV_SERIAL_CONSOLE: hv_base.NO_CHECK, constants.HV_SERIAL_SPEED: hv_base.NO_CHECK, constants.HV_VNC_BIND_ADDRESS: hv_base.NO_CHECK, # will be checked later constants.HV_VNC_TLS: hv_base.NO_CHECK, constants.HV_VNC_X509: hv_base.OPT_DIR_CHECK, constants.HV_VNC_X509_VERIFY: hv_base.NO_CHECK, constants.HV_VNC_PASSWORD_FILE: hv_base.OPT_FILE_CHECK, constants.HV_KVM_SPICE_BIND: hv_base.NO_CHECK, # will be checked later constants.HV_KVM_SPICE_IP_VERSION: (False, lambda x: (x == constants.IFACE_NO_IP_VERSION_SPECIFIED or x in constants.VALID_IP_VERSIONS), "The SPICE IP version should be 4 or 6", None, None), constants.HV_KVM_SPICE_PASSWORD_FILE: hv_base.OPT_FILE_CHECK, constants.HV_KVM_SPICE_LOSSLESS_IMG_COMPR: hv_base.ParamInSet( False, constants.HT_KVM_SPICE_VALID_LOSSLESS_IMG_COMPR_OPTIONS), constants.HV_KVM_SPICE_JPEG_IMG_COMPR: hv_base.ParamInSet( False, constants.HT_KVM_SPICE_VALID_LOSSY_IMG_COMPR_OPTIONS), constants.HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR: hv_base.ParamInSet( False, constants.HT_KVM_SPICE_VALID_LOSSY_IMG_COMPR_OPTIONS), constants.HV_KVM_SPICE_STREAMING_VIDEO_DETECTION: hv_base.ParamInSet( False, constants.HT_KVM_SPICE_VALID_VIDEO_STREAM_DETECTION_OPTIONS), constants.HV_KVM_SPICE_AUDIO_COMPR: hv_base.NO_CHECK, constants.HV_KVM_SPICE_USE_TLS: hv_base.NO_CHECK, constants.HV_KVM_SPICE_TLS_CIPHERS: hv_base.NO_CHECK, constants.HV_KVM_SPICE_USE_VDAGENT: hv_base.NO_CHECK, constants.HV_KVM_FLOPPY_IMAGE_PATH: hv_base.OPT_FILE_CHECK, constants.HV_CDROM_IMAGE_PATH: hv_base.OPT_FILE_OR_URL_CHECK, constants.HV_KVM_CDROM2_IMAGE_PATH: hv_base.OPT_FILE_OR_URL_CHECK, constants.HV_BOOT_ORDER: hv_base.ParamInSet(True, constants.HT_KVM_VALID_BO_TYPES), constants.HV_NIC_TYPE: hv_base.ParamInSet(True, constants.HT_KVM_VALID_NIC_TYPES), constants.HV_DISK_TYPE: hv_base.ParamInSet(True, constants.HT_KVM_VALID_DISK_TYPES), constants.HV_KVM_CDROM_DISK_TYPE: hv_base.ParamInSet(False, constants.HT_KVM_VALID_DISK_TYPES), constants.HV_USB_MOUSE: hv_base.ParamInSet(False, constants.HT_KVM_VALID_MOUSE_TYPES), constants.HV_KEYMAP: hv_base.NO_CHECK, constants.HV_MIGRATION_PORT: hv_base.REQ_NET_PORT_CHECK, constants.HV_MIGRATION_BANDWIDTH: hv_base.REQ_NONNEGATIVE_INT_CHECK, constants.HV_MIGRATION_DOWNTIME: hv_base.REQ_NONNEGATIVE_INT_CHECK, constants.HV_MIGRATION_MODE: hv_base.MIGRATION_MODE_CHECK, constants.HV_USE_LOCALTIME: hv_base.NO_CHECK, constants.HV_DISK_CACHE: hv_base.ParamInSet(True, constants.HT_VALID_CACHE_TYPES), constants.HV_SECURITY_MODEL: hv_base.ParamInSet(True, constants.HT_KVM_VALID_SM_TYPES), constants.HV_SECURITY_DOMAIN: hv_base.NO_CHECK, constants.HV_KVM_FLAG: hv_base.ParamInSet(False, constants.HT_KVM_FLAG_VALUES), constants.HV_VHOST_NET: hv_base.NO_CHECK, constants.HV_KVM_USE_CHROOT: hv_base.NO_CHECK, constants.HV_KVM_USER_SHUTDOWN: hv_base.NO_CHECK, constants.HV_MEM_PATH: hv_base.OPT_DIR_CHECK, constants.HV_REBOOT_BEHAVIOR: hv_base.ParamInSet(True, constants.REBOOT_BEHAVIORS), constants.HV_CPU_MASK: hv_base.OPT_MULTI_CPU_MASK_CHECK, constants.HV_CPU_TYPE: hv_base.NO_CHECK, constants.HV_CPU_CORES: hv_base.OPT_NONNEGATIVE_INT_CHECK, constants.HV_CPU_THREADS: hv_base.OPT_NONNEGATIVE_INT_CHECK, constants.HV_CPU_SOCKETS: hv_base.OPT_NONNEGATIVE_INT_CHECK, constants.HV_SOUNDHW: hv_base.NO_CHECK, constants.HV_USB_DEVICES: hv_base.NO_CHECK, constants.HV_VGA: hv_base.NO_CHECK, constants.HV_KVM_EXTRA: hv_base.NO_CHECK, constants.HV_KVM_MACHINE_VERSION: hv_base.NO_CHECK, constants.HV_KVM_MIGRATION_CAPS: hv_base.NO_CHECK, constants.HV_VNET_HDR: hv_base.NO_CHECK, } _VIRTIO = "virtio" _VIRTIO_NET_PCI = "virtio-net-pci" _VIRTIO_BLK_PCI = "virtio-blk-pci" _MIGRATION_STATUS_RE = re.compile(r"Migration\s+status:\s+(\w+)", re.M | re.I) _MIGRATION_PROGRESS_RE = \ re.compile(r"\s*transferred\s+ram:\s+(?P\d+)\s+kbytes\s*\n" r"\s*remaining\s+ram:\s+(?P\d+)\s+kbytes\s*\n" r"\s*total\s+ram:\s+(?P\d+)\s+kbytes\s*\n", re.I) _MIGRATION_INFO_MAX_BAD_ANSWERS = 5 _MIGRATION_INFO_RETRY_DELAY = 2 _VERSION_RE = re.compile(r"\b(\d+)\.(\d+)(\.(\d+))?\b") _CPU_INFO_RE = re.compile(r"cpu\s+\#(\d+).*thread_id\s*=\s*(\d+)", re.I) _CPU_INFO_CMD = "info cpus" _CONT_CMD = "cont" _DEFAULT_MACHINE_VERSION_RE = re.compile(r"^(\S+).*\(default\)", re.M) _CHECK_MACHINE_VERSION_RE = \ staticmethod(lambda x: re.compile(r"^(%s)[ ]+.*PC" % x, re.M)) _QMP_RE = re.compile(r"^-qmp\s", re.M) _SPICE_RE = re.compile(r"^-spice\s", re.M) _VHOST_RE = re.compile(r"^-net\s.*,vhost=on|off", re.M) _ENABLE_KVM_RE = re.compile(r"^-enable-kvm\s", re.M) _DISABLE_KVM_RE = re.compile(r"^-disable-kvm\s", re.M) _NETDEV_RE = re.compile(r"^-netdev\s", re.M) _DISPLAY_RE = re.compile(r"^-display\s", re.M) _MACHINE_RE = re.compile(r"^-machine\s", re.M) _VIRTIO_NET_RE = re.compile(r"^name \"%s\"" % _VIRTIO_NET_PCI, re.M) _VIRTIO_BLK_RE = re.compile(r"^name \"%s\"" % _VIRTIO_BLK_PCI, re.M) # match -drive.*boot=on|off on different lines, but in between accept only # dashes not preceeded by a new line (which would mean another option # different than -drive is starting) _BOOT_RE = re.compile(r"^-drive\s([^-]|(? constants.VNC_BASE_PORT: display = instance.network_port - constants.VNC_BASE_PORT if vnc_bind_address == constants.IP4_ADDRESS_ANY: vnc_arg = ":%d" % (display) else: vnc_arg = "%s:%d" % (vnc_bind_address, display) else: logging.error("Network port is not a valid VNC display (%d < %d)," " not starting VNC", instance.network_port, constants.VNC_BASE_PORT) vnc_arg = "none" # Only allow tls and other option when not binding to a file, for now. # kvm/qemu gets confused otherwise about the filename to use. vnc_append = "" if hvp[constants.HV_VNC_TLS]: vnc_append = "%s,tls" % vnc_append if hvp[constants.HV_VNC_X509_VERIFY]: vnc_append = "%s,x509verify=%s" % (vnc_append, hvp[constants.HV_VNC_X509]) elif hvp[constants.HV_VNC_X509]: vnc_append = "%s,x509=%s" % (vnc_append, hvp[constants.HV_VNC_X509]) if hvp[constants.HV_VNC_PASSWORD_FILE]: vnc_append = "%s,password" % vnc_append vnc_arg = "%s%s" % (vnc_arg, vnc_append) else: vnc_arg = "unix:%s/%s.vnc" % (vnc_bind_address, instance.name) kvm_cmd.extend(["-vnc", vnc_arg]) elif spice_bind: # FIXME: this is wrong here; the iface ip address differs # between systems, so it should be done in _ExecuteKVMRuntime if netutils.IsValidInterface(spice_bind): # The user specified a network interface, we have to figure out the IP # address. addresses = netutils.GetInterfaceIpAddresses(spice_bind) spice_ip_version = hvp[constants.HV_KVM_SPICE_IP_VERSION] # if the user specified an IP version and the interface does not # have that kind of IP addresses, throw an exception if spice_ip_version != constants.IFACE_NO_IP_VERSION_SPECIFIED: if not addresses[spice_ip_version]: raise errors.HypervisorError("SPICE: Unable to get an IPv%s address" " for %s" % (spice_ip_version, spice_bind)) # the user did not specify an IP version, we have to figure it out elif (addresses[constants.IP4_VERSION] and addresses[constants.IP6_VERSION]): # we have both ipv4 and ipv6, let's use the cluster default IP # version cluster_family = ssconf.SimpleStore().GetPrimaryIPFamily() spice_ip_version = \ netutils.IPAddress.GetVersionFromAddressFamily(cluster_family) elif addresses[constants.IP4_VERSION]: spice_ip_version = constants.IP4_VERSION elif addresses[constants.IP6_VERSION]: spice_ip_version = constants.IP6_VERSION else: raise errors.HypervisorError("SPICE: Unable to get an IP address" " for %s" % (spice_bind)) spice_address = addresses[spice_ip_version][0] else: # spice_bind is known to be a valid IP address, because # ValidateParameters checked it. spice_address = spice_bind spice_arg = "addr=%s" % spice_address if hvp[constants.HV_KVM_SPICE_USE_TLS]: spice_arg = ("%s,tls-port=%s,x509-cacert-file=%s" % (spice_arg, instance.network_port, pathutils.SPICE_CACERT_FILE)) spice_arg = ("%s,x509-key-file=%s,x509-cert-file=%s" % (spice_arg, pathutils.SPICE_CERT_FILE, pathutils.SPICE_CERT_FILE)) tls_ciphers = hvp[constants.HV_KVM_SPICE_TLS_CIPHERS] if tls_ciphers: spice_arg = "%s,tls-ciphers=%s" % (spice_arg, tls_ciphers) else: spice_arg = "%s,port=%s" % (spice_arg, instance.network_port) if not hvp[constants.HV_KVM_SPICE_PASSWORD_FILE]: spice_arg = "%s,disable-ticketing" % spice_arg if spice_ip_version: spice_arg = "%s,ipv%s" % (spice_arg, spice_ip_version) # Image compression options img_lossless = hvp[constants.HV_KVM_SPICE_LOSSLESS_IMG_COMPR] img_jpeg = hvp[constants.HV_KVM_SPICE_JPEG_IMG_COMPR] img_zlib_glz = hvp[constants.HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR] if img_lossless: spice_arg = "%s,image-compression=%s" % (spice_arg, img_lossless) if img_jpeg: spice_arg = "%s,jpeg-wan-compression=%s" % (spice_arg, img_jpeg) if img_zlib_glz: spice_arg = "%s,zlib-glz-wan-compression=%s" % (spice_arg, img_zlib_glz) # Video stream detection video_streaming = hvp[constants.HV_KVM_SPICE_STREAMING_VIDEO_DETECTION] if video_streaming: spice_arg = "%s,streaming-video=%s" % (spice_arg, video_streaming) # Audio compression, by default in qemu-kvm it is on if not hvp[constants.HV_KVM_SPICE_AUDIO_COMPR]: spice_arg = "%s,playback-compression=off" % spice_arg if not hvp[constants.HV_KVM_SPICE_USE_VDAGENT]: spice_arg = "%s,agent-mouse=off" % spice_arg else: # Enable the spice agent communication channel between the host and the # agent. addr = _GetFreeSlot(pci_reservations, reserve=True) pci_info = ",bus=pci.0,addr=%s" % hex(addr) kvm_cmd.extend(["-device", "virtio-serial-pci,id=spice%s" % pci_info]) kvm_cmd.extend([ "-device", "virtserialport,chardev=spicechannel0,name=com.redhat.spice.0", ]) kvm_cmd.extend(["-chardev", "spicevmc,id=spicechannel0,name=vdagent"]) logging.info("KVM: SPICE will listen on port %s", instance.network_port) kvm_cmd.extend(["-spice", spice_arg]) else: # From qemu 1.4 -nographic is incompatible with -daemonize. The new way # also works in earlier versions though (tested with 1.1 and 1.3) if self._DISPLAY_RE.search(kvmhelp): kvm_cmd.extend(["-display", "none"]) else: kvm_cmd.extend(["-nographic"]) if hvp[constants.HV_USE_LOCALTIME]: kvm_cmd.extend(["-localtime"]) if hvp[constants.HV_KVM_USE_CHROOT]: kvm_cmd.extend(["-chroot", self._InstanceChrootDir(instance.name)]) # Add qemu-KVM -cpu param if hvp[constants.HV_CPU_TYPE]: kvm_cmd.extend(["-cpu", hvp[constants.HV_CPU_TYPE]]) # Pass a -vga option if requested, or if spice is used, for backwards # compatibility. if hvp[constants.HV_VGA]: kvm_cmd.extend(["-vga", hvp[constants.HV_VGA]]) elif spice_bind: kvm_cmd.extend(["-vga", "qxl"]) # Various types of usb devices, comma separated if hvp[constants.HV_USB_DEVICES]: for dev in hvp[constants.HV_USB_DEVICES].split(","): kvm_cmd.extend(["-usbdevice", dev]) # Set system UUID to instance UUID if self._UUID_RE.search(kvmhelp): kvm_cmd.extend(["-uuid", instance.uuid]) if hvp[constants.HV_KVM_EXTRA]: kvm_cmd.extend(hvp[constants.HV_KVM_EXTRA].split(" ")) kvm_disks = [] for disk, link_name, uri in block_devices: disk.pci = _GetFreeSlot(pci_reservations, disk.pci, True) kvm_disks.append((disk, link_name, uri)) kvm_nics = [] for nic in instance.nics: nic.pci = _GetFreeSlot(pci_reservations, nic.pci, True) kvm_nics.append(nic) hvparams = hvp return (kvm_cmd, kvm_nics, hvparams, kvm_disks) def _WriteKVMRuntime(self, instance_name, data): """Write an instance's KVM runtime """ try: utils.WriteFile(self._InstanceKVMRuntime(instance_name), data=data) except EnvironmentError, err: raise errors.HypervisorError("Failed to save KVM runtime file: %s" % err) def _ReadKVMRuntime(self, instance_name): """Read an instance's KVM runtime """ try: file_content = utils.ReadFile(self._InstanceKVMRuntime(instance_name)) except EnvironmentError, err: raise errors.HypervisorError("Failed to load KVM runtime file: %s" % err) return file_content def _SaveKVMRuntime(self, instance, kvm_runtime): """Save an instance's KVM runtime """ kvm_cmd, kvm_nics, hvparams, kvm_disks = kvm_runtime serialized_nics = [nic.ToDict() for nic in kvm_nics] serialized_disks = [(blk.ToDict(), link, uri) for blk, link, uri in kvm_disks] serialized_form = serializer.Dump((kvm_cmd, serialized_nics, hvparams, serialized_disks)) self._WriteKVMRuntime(instance.name, serialized_form) def _LoadKVMRuntime(self, instance, serialized_runtime=None): """Load an instance's KVM runtime """ if not serialized_runtime: serialized_runtime = self._ReadKVMRuntime(instance.name) return _AnalyzeSerializedRuntime(serialized_runtime) def _RunKVMCmd(self, name, kvm_cmd, tap_fds=None): """Run the KVM cmd and check for errors @type name: string @param name: instance name @type kvm_cmd: list of strings @param kvm_cmd: runcmd input for kvm @type tap_fds: list of int @param tap_fds: fds of tap devices opened by Ganeti """ try: result = utils.RunCmd(kvm_cmd, noclose_fds=tap_fds) finally: for fd in tap_fds: utils_wrapper.CloseFdNoError(fd) if result.failed: raise errors.HypervisorError("Failed to start instance %s: %s (%s)" % (name, result.fail_reason, result.output)) if not self._InstancePidAlive(name)[2]: raise errors.HypervisorError("Failed to start instance %s" % name) @staticmethod def _GenerateTapName(nic): """Generate a TAP network interface name for a NIC. This helper function generates a special TAP network interface name for NICs that are meant to be used in instance communication. This function checks the existing TAP interfaces in order to find a unique name for the new TAP network interface. The TAP network interface names are of the form 'gnt.com.%d', where '%d' is a unique number within the node. @type nic: ganeti.objects.NIC @param nic: NIC object for the name should be generated @rtype: string @return: TAP network interface name, or the empty string if the NIC is not used in instance communication """ if nic.name is None or not \ nic.name.startswith(constants.INSTANCE_COMMUNICATION_NIC_PREFIX): return "" result = utils.RunCmd(["ip", "tuntap", "list"]) if result.failed: raise errors.HypervisorError("Failed to list TUN/TAP interfaces") idxs = set() for line in result.output.splitlines(): parts = line.split(": ", 1) if len(parts) < 2: raise errors.HypervisorError("Failed to parse TUN/TAP interfaces") r = re.match(r"gnt\.com\.([0-9]+)", parts[0]) if r is not None: idxs.add(int(r.group(1))) if idxs: idx = max(idxs) + 1 else: idx = 0 return "gnt.com.%d" % idx # too many local variables # pylint: disable=R0914 def _ExecuteKVMRuntime(self, instance, kvm_runtime, kvmhelp, incoming=None): """Execute a KVM cmd, after completing it with some last minute data. @type incoming: tuple of strings @param incoming: (target_host_ip, port) @type kvmhelp: string @param kvmhelp: output of kvm --help """ # Small _ExecuteKVMRuntime hv parameters programming howto: # - conf_hvp contains the parameters as configured on ganeti. they might # have changed since the instance started; only use them if the change # won't affect the inside of the instance (which hasn't been rebooted). # - up_hvp contains the parameters as they were when the instance was # started, plus any new parameter which has been added between ganeti # versions: it is paramount that those default to a value which won't # affect the inside of the instance as well. conf_hvp = instance.hvparams name = instance.name self._CheckDown(name) self._ClearUserShutdown(instance.name) self._StartKvmd(instance.hvparams) temp_files = [] kvm_cmd, kvm_nics, up_hvp, kvm_disks = kvm_runtime # the first element of kvm_cmd is always the path to the kvm binary kvm_path = kvm_cmd[0] up_hvp = objects.FillDict(conf_hvp, up_hvp) # We know it's safe to run as a different user upon migration, so we'll use # the latest conf, from conf_hvp. security_model = conf_hvp[constants.HV_SECURITY_MODEL] if security_model == constants.HT_SM_USER: kvm_cmd.extend(["-runas", conf_hvp[constants.HV_SECURITY_DOMAIN]]) keymap = conf_hvp[constants.HV_KEYMAP] if keymap: keymap_path = self._InstanceKeymapFile(name) # If a keymap file is specified, KVM won't use its internal defaults. By # first including the "en-us" layout, an error on loading the actual # layout (e.g. because it can't be found) won't lead to a non-functional # keyboard. A keyboard with incorrect keys is still better than none. utils.WriteFile(keymap_path, data="include en-us\ninclude %s\n" % keymap) kvm_cmd.extend(["-k", keymap_path]) # We have reasons to believe changing something like the nic driver/type # upon migration won't exactly fly with the instance kernel, so for nic # related parameters we'll use up_hvp tapfds = [] taps = [] devlist = self._GetKVMOutput(kvm_path, self._KVMOPT_DEVICELIST) if not kvm_nics: kvm_cmd.extend(["-net", "none"]) else: vnet_hdr = False tap_extra = "" nic_type = up_hvp[constants.HV_NIC_TYPE] if nic_type == constants.HT_NIC_PARAVIRTUAL: nic_model = self._VIRTIO try: if self._VIRTIO_NET_RE.search(devlist): nic_model = self._VIRTIO_NET_PCI vnet_hdr = up_hvp[constants.HV_VNET_HDR] except errors.HypervisorError, _: # Older versions of kvm don't support DEVICE_LIST, but they don't # have new virtio syntax either. pass if up_hvp[constants.HV_VHOST_NET]: # check for vhost_net support if self._VHOST_RE.search(kvmhelp): tap_extra = ",vhost=on" else: raise errors.HypervisorError("vhost_net is configured" " but it is not available") else: nic_model = nic_type kvm_supports_netdev = self._NETDEV_RE.search(kvmhelp) for nic_seq, nic in enumerate(kvm_nics): tapname, tapfd = OpenTap(vnet_hdr=vnet_hdr, name=self._GenerateTapName(nic)) tapfds.append(tapfd) taps.append(tapname) if kvm_supports_netdev: nic_val = "%s,mac=%s" % (nic_model, nic.mac) try: # kvm_nics already exist in old runtime files and thus there might # be some entries without pci slot (therefore try: except:) kvm_devid = _GenerateDeviceKVMId(constants.HOTPLUG_TARGET_NIC, nic) netdev = kvm_devid nic_val += (",id=%s,bus=pci.0,addr=%s" % (kvm_devid, hex(nic.pci))) except errors.HotplugError: netdev = "netdev%d" % nic_seq nic_val += (",netdev=%s" % netdev) tap_val = ("type=tap,id=%s,fd=%d%s" % (netdev, tapfd, tap_extra)) kvm_cmd.extend(["-netdev", tap_val, "-device", nic_val]) else: nic_val = "nic,vlan=%s,macaddr=%s,model=%s" % (nic_seq, nic.mac, nic_model) tap_val = "tap,vlan=%s,fd=%d" % (nic_seq, tapfd) kvm_cmd.extend(["-net", tap_val, "-net", nic_val]) if incoming: target, port = incoming kvm_cmd.extend(["-incoming", "tcp:%s:%s" % (target, port)]) # Changing the vnc password doesn't bother the guest that much. At most it # will surprise people who connect to it. Whether positively or negatively # it's debatable. vnc_pwd_file = conf_hvp[constants.HV_VNC_PASSWORD_FILE] vnc_pwd = None if vnc_pwd_file: try: vnc_pwd = utils.ReadOneLineFile(vnc_pwd_file, strict=True) except EnvironmentError, err: raise errors.HypervisorError("Failed to open VNC password file %s: %s" % (vnc_pwd_file, err)) if conf_hvp[constants.HV_KVM_USE_CHROOT]: utils.EnsureDirs([(self._InstanceChrootDir(name), constants.SECURE_DIR_MODE)]) # Automatically enable QMP if version is >= 0.14 if self._QMP_RE.search(kvmhelp): logging.debug("Enabling QMP") kvm_cmd.extend(["-qmp", "unix:%s,server,nowait" % self._InstanceQmpMonitor(instance.name)]) # Configure the network now for starting instances and bridged interfaces, # during FinalizeMigration for incoming instances' routed interfaces for nic_seq, nic in enumerate(kvm_nics): if (incoming and nic.nicparams[constants.NIC_MODE] != constants.NIC_MODE_BRIDGED): continue self._ConfigureNIC(instance, nic_seq, nic, taps[nic_seq]) bdev_opts = self._GenerateKVMBlockDevicesOptions(instance, kvm_disks, kvmhelp, devlist) kvm_cmd.extend(bdev_opts) # CPU affinity requires kvm to start paused, so we set this flag if the # instance is not already paused and if we are not going to accept a # migrating instance. In the latter case, pausing is not needed. start_kvm_paused = not (_KVM_START_PAUSED_FLAG in kvm_cmd) and not incoming if start_kvm_paused: kvm_cmd.extend([_KVM_START_PAUSED_FLAG]) # Note: CPU pinning is using up_hvp since changes take effect # during instance startup anyway, and to avoid problems when soft # rebooting the instance. cpu_pinning = False if up_hvp.get(constants.HV_CPU_MASK, None): cpu_pinning = True if security_model == constants.HT_SM_POOL: ss = ssconf.SimpleStore() uid_pool = uidpool.ParseUidPool(ss.GetUidPool(), separator="\n") all_uids = set(uidpool.ExpandUidPool(uid_pool)) uid = uidpool.RequestUnusedUid(all_uids) try: username = pwd.getpwuid(uid.GetUid()).pw_name kvm_cmd.extend(["-runas", username]) self._RunKVMCmd(name, kvm_cmd, tapfds) except: uidpool.ReleaseUid(uid) raise else: uid.Unlock() utils.WriteFile(self._InstanceUidFile(name), data=uid.AsStr()) else: self._RunKVMCmd(name, kvm_cmd, tapfds) utils.EnsureDirs([(self._InstanceNICDir(instance.name), constants.RUN_DIRS_MODE)]) for nic_seq, tap in enumerate(taps): utils.WriteFile(self._InstanceNICFile(instance.name, nic_seq), data=tap) if vnc_pwd: change_cmd = "change vnc password %s" % vnc_pwd self._CallMonitorCommand(instance.name, change_cmd) # Setting SPICE password. We are not vulnerable to malicious passwordless # connection attempts because SPICE by default does not allow connections # if neither a password nor the "disable_ticketing" options are specified. # As soon as we send the password via QMP, that password is a valid ticket # for connection. spice_password_file = conf_hvp[constants.HV_KVM_SPICE_PASSWORD_FILE] if spice_password_file: spice_pwd = "" try: spice_pwd = utils.ReadOneLineFile(spice_password_file, strict=True) except EnvironmentError, err: raise errors.HypervisorError("Failed to open SPICE password file %s: %s" % (spice_password_file, err)) qmp = QmpConnection(self._InstanceQmpMonitor(instance.name)) qmp.connect() arguments = { "protocol": "spice", "password": spice_pwd, } qmp.Execute("set_password", arguments) for filename in temp_files: utils.RemoveFile(filename) # If requested, set CPU affinity and resume instance execution if cpu_pinning: self._ExecuteCpuAffinity(instance.name, up_hvp[constants.HV_CPU_MASK]) start_memory = self._InstanceStartupMemory(instance) if start_memory < instance.beparams[constants.BE_MAXMEM]: self.BalloonInstanceMemory(instance, start_memory) if start_kvm_paused: # To control CPU pinning, ballooning, and vnc/spice passwords # the VM was started in a frozen state. If freezing was not # explicitly requested resume the vm status. self._CallMonitorCommand(instance.name, self._CONT_CMD) @staticmethod def _StartKvmd(hvparams): """Ensure that the Kvm daemon is running. """ if hvparams is None \ or not hvparams[constants.HV_KVM_USER_SHUTDOWN] \ or utils.IsDaemonAlive(constants.KVMD): return result = utils.RunCmd(constants.KVMD) if result.failed: raise errors.HypervisorError("Failed to start KVM daemon") def StartInstance(self, instance, block_devices, startup_paused): """Start an instance. """ self._CheckDown(instance.name) kvmpath = instance.hvparams[constants.HV_KVM_PATH] kvmhelp = self._GetKVMOutput(kvmpath, self._KVMOPT_HELP) kvm_runtime = self._GenerateKVMRuntime(instance, block_devices, startup_paused, kvmhelp) self._SaveKVMRuntime(instance, kvm_runtime) self._ExecuteKVMRuntime(instance, kvm_runtime, kvmhelp) @classmethod def _CallMonitorCommand(cls, instance_name, command, timeout=None): """Invoke a command on the instance monitor. """ if timeout is not None: timeout_cmd = "timeout %s" % (timeout, ) else: timeout_cmd = "" # TODO: Replace monitor calls with QMP once KVM >= 0.14 is the minimum # version. The monitor protocol is designed for human consumption, whereas # QMP is made for programmatic usage. In the worst case QMP can also # execute monitor commands. As it is, all calls to socat take at least # 500ms and likely more: socat can't detect the end of the reply and waits # for 500ms of no data received before exiting (500 ms is the default for # the "-t" parameter). socat = ("echo %s | %s %s STDIO UNIX-CONNECT:%s" % (utils.ShellQuote(command), timeout_cmd, constants.SOCAT_PATH, utils.ShellQuote(cls._InstanceMonitor(instance_name)))) result = utils.RunCmd(socat) if result.failed: msg = ("Failed to send command '%s' to instance '%s', reason '%s'," " output: %s" % (command, instance_name, result.fail_reason, result.output)) raise errors.HypervisorError(msg) return result def _GetFreePCISlot(self, instance, dev): """Get the first available pci slot of a runnung instance. """ slots = bitarray(32) slots.setall(False) # pylint: disable=E1101 output = self._CallMonitorCommand(instance.name, self._INFO_PCI_CMD) for line in output.stdout.splitlines(): match = self._INFO_PCI_RE.search(line) if match: slot = int(match.group(1)) slots[slot] = True dev.pci = _GetFreeSlot(slots) def VerifyHotplugSupport(self, instance, action, dev_type): """Verifies that hotplug is supported. Hotplug is *not* supported in case of: - security models and chroot (disk hotplug) - fdsend module is missing (nic hot-add) @raise errors.HypervisorError: in one of the previous cases """ if dev_type == constants.HOTPLUG_TARGET_DISK: hvp = instance.hvparams security_model = hvp[constants.HV_SECURITY_MODEL] use_chroot = hvp[constants.HV_KVM_USE_CHROOT] if use_chroot: raise errors.HotplugError("Disk hotplug is not supported" " in case of chroot.") if security_model != constants.HT_SM_NONE: raise errors.HotplugError("Disk Hotplug is not supported in case" " security models are used.") if (dev_type == constants.HOTPLUG_TARGET_NIC and action == constants.HOTPLUG_ACTION_ADD and not fdsend): raise errors.HotplugError("Cannot hot-add NIC." " fdsend python module is missing.") def HotplugSupported(self, instance): """Checks if hotplug is generally supported. Hotplug is *not* supported in case of: - qemu versions < 1.0 - for stopped instances @raise errors.HypervisorError: in one of the previous cases """ try: output = self._CallMonitorCommand(instance.name, self._INFO_VERSION_CMD) except errors.HypervisorError: raise errors.HotplugError("Instance is probably down") # TODO: search for netdev_add, drive_add, device_add..... match = self._INFO_VERSION_RE.search(output.stdout) if not match: raise errors.HotplugError("Cannot parse qemu version via monitor") v_major, v_min, _, _ = match.groups() if (int(v_major), int(v_min)) < (1, 0): raise errors.HotplugError("Hotplug not supported for qemu versions < 1.0") def _CallHotplugCommands(self, name, cmds): for c in cmds: self._CallMonitorCommand(name, c) time.sleep(1) def _VerifyHotplugCommand(self, instance_name, device, dev_type, should_exist): """Checks if a previous hotplug command has succeeded. It issues info pci monitor command and checks depending on should_exist value if an entry with PCI slot and device ID is found or not. @raise errors.HypervisorError: if result is not the expected one """ output = self._CallMonitorCommand(instance_name, self._INFO_PCI_CMD) kvm_devid = _GenerateDeviceKVMId(dev_type, device) match = \ self._FIND_PCI_DEVICE_RE(device.pci, kvm_devid).search(output.stdout) if match and not should_exist: msg = "Device %s should have been removed but is still there" % kvm_devid raise errors.HypervisorError(msg) if not match and should_exist: msg = "Device %s should have been added but is missing" % kvm_devid raise errors.HypervisorError(msg) logging.info("Device %s has been correctly hot-plugged", kvm_devid) def HotAddDevice(self, instance, dev_type, device, extra, seq): """ Helper method to hot-add a new device It gets free pci slot generates the device name and invokes the device specific method. """ # in case of hot-mod this is given if device.pci is None: self._GetFreePCISlot(instance, device) kvm_devid = _GenerateDeviceKVMId(dev_type, device) runtime = self._LoadKVMRuntime(instance) if dev_type == constants.HOTPLUG_TARGET_DISK: cmds = ["drive_add dummy file=%s,if=none,id=%s,format=raw" % (extra, kvm_devid)] cmds += ["device_add virtio-blk-pci,bus=pci.0,addr=%s,drive=%s,id=%s" % (hex(device.pci), kvm_devid, kvm_devid)] elif dev_type == constants.HOTPLUG_TARGET_NIC: (tap, fd) = OpenTap() self._ConfigureNIC(instance, seq, device, tap) self._PassTapFd(instance, fd, device) cmds = ["netdev_add tap,id=%s,fd=%s" % (kvm_devid, kvm_devid)] args = "virtio-net-pci,bus=pci.0,addr=%s,mac=%s,netdev=%s,id=%s" % \ (hex(device.pci), device.mac, kvm_devid, kvm_devid) cmds += ["device_add %s" % args] utils.WriteFile(self._InstanceNICFile(instance.name, seq), data=tap) self._CallHotplugCommands(instance.name, cmds) self._VerifyHotplugCommand(instance.name, device, dev_type, True) # update relevant entries in runtime file index = _DEVICE_RUNTIME_INDEX[dev_type] entry = _RUNTIME_ENTRY[dev_type](device, extra) runtime[index].append(entry) self._SaveKVMRuntime(instance, runtime) def HotDelDevice(self, instance, dev_type, device, _, seq): """ Helper method for hot-del device It gets device info from runtime file, generates the device name and invokes the device specific method. """ runtime = self._LoadKVMRuntime(instance) entry = _GetExistingDeviceInfo(dev_type, device, runtime) kvm_device = _RUNTIME_DEVICE[dev_type](entry) kvm_devid = _GenerateDeviceKVMId(dev_type, kvm_device) if dev_type == constants.HOTPLUG_TARGET_DISK: cmds = ["device_del %s" % kvm_devid] cmds += ["drive_del %s" % kvm_devid] elif dev_type == constants.HOTPLUG_TARGET_NIC: cmds = ["device_del %s" % kvm_devid] cmds += ["netdev_del %s" % kvm_devid] utils.RemoveFile(self._InstanceNICFile(instance.name, seq)) self._CallHotplugCommands(instance.name, cmds) self._VerifyHotplugCommand(instance.name, kvm_device, dev_type, False) index = _DEVICE_RUNTIME_INDEX[dev_type] runtime[index].remove(entry) self._SaveKVMRuntime(instance, runtime) return kvm_device.pci def HotModDevice(self, instance, dev_type, device, _, seq): """ Helper method for hot-mod device It gets device info from runtime file, generates the device name and invokes the device specific method. Currently only NICs support hot-mod """ if dev_type == constants.HOTPLUG_TARGET_NIC: # putting it back in the same pci slot device.pci = self.HotDelDevice(instance, dev_type, device, _, seq) self.HotAddDevice(instance, dev_type, device, _, seq) def _PassTapFd(self, instance, fd, nic): """Pass file descriptor to kvm process via monitor socket using SCM_RIGHTS """ # TODO: factor out code related to unix sockets. # squash common parts between monitor and qmp kvm_devid = _GenerateDeviceKVMId(constants.HOTPLUG_TARGET_NIC, nic) command = "getfd %s\n" % kvm_devid fds = [fd] logging.info("%s", fds) try: monsock = MonitorSocket(self._InstanceMonitor(instance.name)) monsock.connect() fdsend.sendfds(monsock.sock, command, fds=fds) finally: monsock.close() @classmethod def _ParseKVMVersion(cls, text): """Parse the KVM version from the --help output. @type text: string @param text: output of kvm --help @return: (version, v_maj, v_min, v_rev) @raise errors.HypervisorError: when the KVM version cannot be retrieved """ match = cls._VERSION_RE.search(text.splitlines()[0]) if not match: raise errors.HypervisorError("Unable to get KVM version") v_all = match.group(0) v_maj = int(match.group(1)) v_min = int(match.group(2)) if match.group(4): v_rev = int(match.group(4)) else: v_rev = 0 return (v_all, v_maj, v_min, v_rev) @classmethod def _GetKVMOutput(cls, kvm_path, option): """Return the output of a kvm invocation @type kvm_path: string @param kvm_path: path to the kvm executable @type option: a key of _KVMOPTS_CMDS @param option: kvm option to fetch the output from @return: output a supported kvm invocation @raise errors.HypervisorError: when the KVM help output cannot be retrieved """ assert option in cls._KVMOPTS_CMDS, "Invalid output option" optlist, can_fail = cls._KVMOPTS_CMDS[option] result = utils.RunCmd([kvm_path] + optlist) if result.failed and not can_fail: raise errors.HypervisorError("Unable to get KVM %s output" % " ".join(optlist)) return result.output @classmethod def _GetKVMVersion(cls, kvm_path): """Return the installed KVM version. @return: (version, v_maj, v_min, v_rev) @raise errors.HypervisorError: when the KVM version cannot be retrieved """ return cls._ParseKVMVersion(cls._GetKVMOutput(kvm_path, cls._KVMOPT_HELP)) @classmethod def _GetDefaultMachineVersion(cls, kvm_path): """Return the default hardware revision (e.g. pc-1.1) """ output = cls._GetKVMOutput(kvm_path, cls._KVMOPT_MLIST) match = cls._DEFAULT_MACHINE_VERSION_RE.search(output) if match: return match.group(1) else: return "pc" @classmethod def _StopInstance(cls, instance, force=False, name=None, timeout=None): """Stop an instance. """ assert(timeout is None or force is not None) if name is not None and not force: raise errors.HypervisorError("Cannot shutdown cleanly by name only") if name is None: name = instance.name acpi = instance.hvparams[constants.HV_ACPI] else: acpi = False _, pid, alive = cls._InstancePidAlive(name) if pid > 0 and alive: if force or not acpi: utils.KillProcess(pid) else: cls._CallMonitorCommand(name, "system_powerdown", timeout) cls._ClearUserShutdown(instance.name) def StopInstance(self, instance, force=False, retry=False, name=None, timeout=None): """Stop an instance. """ self._StopInstance(instance, force, name=name, timeout=timeout) def CleanupInstance(self, instance_name): """Cleanup after a stopped instance """ pidfile, pid, alive = self._InstancePidAlive(instance_name) if pid > 0 and alive: raise errors.HypervisorError("Cannot cleanup a live instance") self._RemoveInstanceRuntimeFiles(pidfile, instance_name) self._ClearUserShutdown(instance_name) def RebootInstance(self, instance): """Reboot an instance. """ # For some reason if we do a 'send-key ctrl-alt-delete' to the control # socket the instance will stop, but now power up again. So we'll resort # to shutdown and restart. _, _, alive = self._InstancePidAlive(instance.name) if not alive: raise errors.HypervisorError("Failed to reboot instance %s:" " not running" % instance.name) # StopInstance will delete the saved KVM runtime so: # ...first load it... kvm_runtime = self._LoadKVMRuntime(instance) # ...now we can safely call StopInstance... if not self.StopInstance(instance): self.StopInstance(instance, force=True) # ...and finally we can save it again, and execute it... self._SaveKVMRuntime(instance, kvm_runtime) kvmpath = instance.hvparams[constants.HV_KVM_PATH] kvmhelp = self._GetKVMOutput(kvmpath, self._KVMOPT_HELP) self._ExecuteKVMRuntime(instance, kvm_runtime, kvmhelp) def MigrationInfo(self, instance): """Get instance information to perform a migration. @type instance: L{objects.Instance} @param instance: instance to be migrated @rtype: string @return: content of the KVM runtime file """ return self._ReadKVMRuntime(instance.name) def AcceptInstance(self, instance, info, target): """Prepare to accept an instance. @type instance: L{objects.Instance} @param instance: instance to be accepted @type info: string @param info: content of the KVM runtime file on the source node @type target: string @param target: target host (usually ip), on this node """ kvm_runtime = self._LoadKVMRuntime(instance, serialized_runtime=info) incoming_address = (target, instance.hvparams[constants.HV_MIGRATION_PORT]) kvmpath = instance.hvparams[constants.HV_KVM_PATH] kvmhelp = self._GetKVMOutput(kvmpath, self._KVMOPT_HELP) self._ExecuteKVMRuntime(instance, kvm_runtime, kvmhelp, incoming=incoming_address) def FinalizeMigrationDst(self, instance, info, success): """Finalize the instance migration on the target node. Stop the incoming mode KVM. @type instance: L{objects.Instance} @param instance: instance whose migration is being finalized """ if success: kvm_runtime = self._LoadKVMRuntime(instance, serialized_runtime=info) kvm_nics = kvm_runtime[1] for nic_seq, nic in enumerate(kvm_nics): if nic.nicparams[constants.NIC_MODE] == constants.NIC_MODE_BRIDGED: # Bridged interfaces have already been configured continue try: tap = utils.ReadFile(self._InstanceNICFile(instance.name, nic_seq)) except EnvironmentError, err: logging.warning("Failed to find host interface for %s NIC #%d: %s", instance.name, nic_seq, str(err)) continue try: self._ConfigureNIC(instance, nic_seq, nic, tap) except errors.HypervisorError, err: logging.warning(str(err)) self._WriteKVMRuntime(instance.name, info) else: self.StopInstance(instance, force=True) def MigrateInstance(self, cluster_name, instance, target, live): """Migrate an instance to a target node. The migration will not be attempted if the instance is not currently running. @type cluster_name: string @param cluster_name: name of the cluster @type instance: L{objects.Instance} @param instance: the instance to be migrated @type target: string @param target: ip address of the target node @type live: boolean @param live: perform a live migration """ instance_name = instance.name port = instance.hvparams[constants.HV_MIGRATION_PORT] _, _, alive = self._InstancePidAlive(instance_name) if not alive: raise errors.HypervisorError("Instance not running, cannot migrate") if not live: self._CallMonitorCommand(instance_name, "stop") migrate_command = ("migrate_set_speed %dm" % instance.hvparams[constants.HV_MIGRATION_BANDWIDTH]) self._CallMonitorCommand(instance_name, migrate_command) migrate_command = ("migrate_set_downtime %dms" % instance.hvparams[constants.HV_MIGRATION_DOWNTIME]) self._CallMonitorCommand(instance_name, migrate_command) migration_caps = instance.hvparams[constants.HV_KVM_MIGRATION_CAPS] if migration_caps: for c in migration_caps.split(_MIGRATION_CAPS_DELIM): migrate_command = ("migrate_set_capability %s on" % c) self._CallMonitorCommand(instance_name, migrate_command) migrate_command = "migrate -d tcp:%s:%s" % (target, port) self._CallMonitorCommand(instance_name, migrate_command) def FinalizeMigrationSource(self, instance, success, live): """Finalize the instance migration on the source node. @type instance: L{objects.Instance} @param instance: the instance that was migrated @type success: bool @param success: whether the migration succeeded or not @type live: bool @param live: whether the user requested a live migration or not """ if success: pidfile, pid, _ = self._InstancePidAlive(instance.name) utils.KillProcess(pid) self._RemoveInstanceRuntimeFiles(pidfile, instance.name) elif live: self._CallMonitorCommand(instance.name, self._CONT_CMD) self._ClearUserShutdown(instance.name) def GetMigrationStatus(self, instance): """Get the migration status @type instance: L{objects.Instance} @param instance: the instance that is being migrated @rtype: L{objects.MigrationStatus} @return: the status of the current migration (one of L{constants.HV_MIGRATION_VALID_STATUSES}), plus any additional progress info that can be retrieved from the hypervisor """ info_command = "info migrate" for _ in range(self._MIGRATION_INFO_MAX_BAD_ANSWERS): result = self._CallMonitorCommand(instance.name, info_command) match = self._MIGRATION_STATUS_RE.search(result.stdout) if not match: if not result.stdout: logging.info("KVM: empty 'info migrate' result") else: logging.warning("KVM: unknown 'info migrate' result: %s", result.stdout) else: status = match.group(1) if status in constants.HV_KVM_MIGRATION_VALID_STATUSES: migration_status = objects.MigrationStatus(status=status) match = self._MIGRATION_PROGRESS_RE.search(result.stdout) if match: migration_status.transferred_ram = match.group("transferred") migration_status.total_ram = match.group("total") return migration_status logging.warning("KVM: unknown migration status '%s'", status) time.sleep(self._MIGRATION_INFO_RETRY_DELAY) return objects.MigrationStatus(status=constants.HV_MIGRATION_FAILED) def BalloonInstanceMemory(self, instance, mem): """Balloon an instance memory to a certain value. @type instance: L{objects.Instance} @param instance: instance to be accepted @type mem: int @param mem: actual memory size to use for instance runtime """ self._CallMonitorCommand(instance.name, "balloon %d" % mem) def GetNodeInfo(self, hvparams=None): """Return information about the node. @type hvparams: dict of strings @param hvparams: hypervisor parameters, not used in this class @return: a dict as returned by L{BaseHypervisor.GetLinuxNodeInfo} plus the following keys: - hv_version: the hypervisor version in the form (major, minor, revision) """ result = self.GetLinuxNodeInfo() kvmpath = constants.KVM_PATH if hvparams is not None: kvmpath = hvparams.get(constants.HV_KVM_PATH, constants.KVM_PATH) _, v_major, v_min, v_rev = self._GetKVMVersion(kvmpath) result[constants.HV_NODEINFO_KEY_VERSION] = (v_major, v_min, v_rev) return result @classmethod def GetInstanceConsole(cls, instance, primary_node, node_group, hvparams, beparams): """Return a command for connecting to the console of an instance. """ if hvparams[constants.HV_SERIAL_CONSOLE]: cmd = [pathutils.KVM_CONSOLE_WRAPPER, constants.SOCAT_PATH, utils.ShellQuote(instance.name), utils.ShellQuote(cls._InstanceMonitor(instance.name)), "STDIO,%s" % cls._SocatUnixConsoleParams(), "UNIX-CONNECT:%s" % cls._InstanceSerial(instance.name)] ndparams = node_group.FillND(primary_node) return objects.InstanceConsole(instance=instance.name, kind=constants.CONS_SSH, host=primary_node.name, port=ndparams.get(constants.ND_SSH_PORT), user=constants.SSH_CONSOLE_USER, command=cmd) vnc_bind_address = hvparams[constants.HV_VNC_BIND_ADDRESS] if vnc_bind_address and instance.network_port > constants.VNC_BASE_PORT: display = instance.network_port - constants.VNC_BASE_PORT return objects.InstanceConsole(instance=instance.name, kind=constants.CONS_VNC, host=vnc_bind_address, port=instance.network_port, display=display) spice_bind = hvparams[constants.HV_KVM_SPICE_BIND] if spice_bind: return objects.InstanceConsole(instance=instance.name, kind=constants.CONS_SPICE, host=spice_bind, port=instance.network_port) return objects.InstanceConsole(instance=instance.name, kind=constants.CONS_MESSAGE, message=("No serial shell for instance %s" % instance.name)) def Verify(self, hvparams=None): """Verify the hypervisor. Check that the required binaries exist. @type hvparams: dict of strings @param hvparams: hypervisor parameters to be verified against, not used here @return: Problem description if something is wrong, C{None} otherwise """ msgs = [] kvmpath = constants.KVM_PATH if hvparams is not None: kvmpath = hvparams.get(constants.HV_KVM_PATH, constants.KVM_PATH) if not os.path.exists(kvmpath): msgs.append("The KVM binary ('%s') does not exist" % kvmpath) if not os.path.exists(constants.SOCAT_PATH): msgs.append("The socat binary ('%s') does not exist" % constants.SOCAT_PATH) return self._FormatVerifyResults(msgs) @classmethod def CheckParameterSyntax(cls, hvparams): """Check the given parameters for validity. @type hvparams: dict @param hvparams: dictionary with parameter names/value @raise errors.HypervisorError: when a parameter is not valid """ super(KVMHypervisor, cls).CheckParameterSyntax(hvparams) kernel_path = hvparams[constants.HV_KERNEL_PATH] if kernel_path: if not hvparams[constants.HV_ROOT_PATH]: raise errors.HypervisorError("Need a root partition for the instance," " if a kernel is defined") if (hvparams[constants.HV_VNC_X509_VERIFY] and not hvparams[constants.HV_VNC_X509]): raise errors.HypervisorError("%s must be defined, if %s is" % (constants.HV_VNC_X509, constants.HV_VNC_X509_VERIFY)) if hvparams[constants.HV_SERIAL_CONSOLE]: serial_speed = hvparams[constants.HV_SERIAL_SPEED] valid_speeds = constants.VALID_SERIAL_SPEEDS if not serial_speed or serial_speed not in valid_speeds: raise errors.HypervisorError("Invalid serial console speed, must be" " one of: %s" % utils.CommaJoin(valid_speeds)) boot_order = hvparams[constants.HV_BOOT_ORDER] if (boot_order == constants.HT_BO_CDROM and not hvparams[constants.HV_CDROM_IMAGE_PATH]): raise errors.HypervisorError("Cannot boot from cdrom without an" " ISO path") security_model = hvparams[constants.HV_SECURITY_MODEL] if security_model == constants.HT_SM_USER: if not hvparams[constants.HV_SECURITY_DOMAIN]: raise errors.HypervisorError("A security domain (user to run kvm as)" " must be specified") elif (security_model == constants.HT_SM_NONE or security_model == constants.HT_SM_POOL): if hvparams[constants.HV_SECURITY_DOMAIN]: raise errors.HypervisorError("Cannot have a security domain when the" " security model is 'none' or 'pool'") spice_bind = hvparams[constants.HV_KVM_SPICE_BIND] spice_ip_version = hvparams[constants.HV_KVM_SPICE_IP_VERSION] if spice_bind: if spice_ip_version != constants.IFACE_NO_IP_VERSION_SPECIFIED: # if an IP version is specified, the spice_bind parameter must be an # IP of that family if (netutils.IP4Address.IsValid(spice_bind) and spice_ip_version != constants.IP4_VERSION): raise errors.HypervisorError("SPICE: Got an IPv4 address (%s), but" " the specified IP version is %s" % (spice_bind, spice_ip_version)) if (netutils.IP6Address.IsValid(spice_bind) and spice_ip_version != constants.IP6_VERSION): raise errors.HypervisorError("SPICE: Got an IPv6 address (%s), but" " the specified IP version is %s" % (spice_bind, spice_ip_version)) else: # All the other SPICE parameters depend on spice_bind being set. Raise an # error if any of them is set without it. for param in _SPICE_ADDITIONAL_PARAMS: if hvparams[param]: raise errors.HypervisorError("SPICE: %s requires %s to be set" % (param, constants.HV_KVM_SPICE_BIND)) @classmethod def ValidateParameters(cls, hvparams): """Check the given parameters for validity. @type hvparams: dict @param hvparams: dictionary with parameter names/value @raise errors.HypervisorError: when a parameter is not valid """ super(KVMHypervisor, cls).ValidateParameters(hvparams) kvm_path = hvparams[constants.HV_KVM_PATH] security_model = hvparams[constants.HV_SECURITY_MODEL] if security_model == constants.HT_SM_USER: username = hvparams[constants.HV_SECURITY_DOMAIN] try: pwd.getpwnam(username) except KeyError: raise errors.HypervisorError("Unknown security domain user %s" % username) vnc_bind_address = hvparams[constants.HV_VNC_BIND_ADDRESS] if vnc_bind_address: bound_to_addr = netutils.IP4Address.IsValid(vnc_bind_address) is_interface = netutils.IsValidInterface(vnc_bind_address) is_path = utils.IsNormAbsPath(vnc_bind_address) if not bound_to_addr and not is_interface and not is_path: raise errors.HypervisorError("VNC: The %s parameter must be either" " a valid IP address, an interface name," " or an absolute path" % constants.HV_KVM_SPICE_BIND) spice_bind = hvparams[constants.HV_KVM_SPICE_BIND] if spice_bind: # only one of VNC and SPICE can be used currently. if hvparams[constants.HV_VNC_BIND_ADDRESS]: raise errors.HypervisorError("Both SPICE and VNC are configured, but" " only one of them can be used at a" " given time") # check that KVM supports SPICE kvmhelp = cls._GetKVMOutput(kvm_path, cls._KVMOPT_HELP) if not cls._SPICE_RE.search(kvmhelp): raise errors.HypervisorError("SPICE is configured, but it is not" " supported according to 'kvm --help'") # if spice_bind is not an IP address, it must be a valid interface bound_to_addr = (netutils.IP4Address.IsValid(spice_bind) or netutils.IP6Address.IsValid(spice_bind)) if not bound_to_addr and not netutils.IsValidInterface(spice_bind): raise errors.HypervisorError("SPICE: The %s parameter must be either" " a valid IP address or interface name" % constants.HV_KVM_SPICE_BIND) machine_version = hvparams[constants.HV_KVM_MACHINE_VERSION] if machine_version: output = cls._GetKVMOutput(kvm_path, cls._KVMOPT_MLIST) if not cls._CHECK_MACHINE_VERSION_RE(machine_version).search(output): raise errors.HypervisorError("Unsupported machine version: %s" % machine_version) @classmethod def PowercycleNode(cls, hvparams=None): """KVM powercycle, just a wrapper over Linux powercycle. @type hvparams: dict of strings @param hvparams: hypervisor params to be used on this node """ cls.LinuxPowercycle()