nova/nova/virt
Lee Yarwood 3f8daf0804 libvirt: Re-initialise volumes, encryptors, and vifs on hard reboot
We call _hard_reboot during reboot, power_on, and
resume_state_on_host_boot. It functions essentially by tearing down as much
of an instance as possible before recreating it, which additionally
makes it useful to operators for attempting automated recovery of
instances in an inconsistent state.

The Libvirt driver would previously only call _destroy and
_undefine_domain when hard rebooting an instance. This would leave vifs
plugged, volumes connected, and encryptors attached on the host. It
also means that when we try to restart the instance, we assume all
these things are correctly configured. If they are not, the instance
may fail to start at all, or may be incorrectly configured when
starting.

For example, consider an instance with an encrypted volume after a
compute host reboot. When we attempt to start the instance, power_on
will call _hard_reboot. The volume will be coincidentally re-attached
as a side-effect of calling _get_guest_xml(!), but when we call
_create_domain_and_network we pass reboot=True, which tells it not to
reattach the encryptor, as it is assumed to be already attached. We
are therefore left presenting the encrypted volume data directly to
the instance without decryption.

The approach in this patch is to ensure we recreate the instance as
fully as possible during hard reboot. This means not passing
vifs_already_plugged and reboot to _create_domain_and_network, which
in turn requires that we fully destroy the instance first. This
addresses the specific problem given in the example, but also a whole
class of potential volume and vif related issues of inconsistent
state.

Because we now always tear down volumes, encryptors, and vifs, we are
relying on the tear down of these things to be idempotent. This
highlighted that detach of the luks and cryptsetup encryptors was not
idempotent. We depend on the fixes for those os-brick drivers.

Depends-On: I31d72357c89db53a147c2d986a28c9c6870efad0
Depends-On: I9f52f89b8466d03699cfd5c0e32c672c934cd6fb

Closes-bug: #1724573
Change-Id: Id188d48609f3d22d14e16c7f6114291d547a8986
2017-11-18 00:22:02 +00:00
disk Move blkid calls to privsep. 2017-10-26 07:16:09 +11:00
hyperv Merge "hyperv: report disk_available_least field" 2017-10-24 06:19:45 +00:00
image libvirt: virtuozzo instance resize support 2016-06-28 22:13:49 +03:00
ironic Merge "Pick ironic nodes without VCPU set" 2017-10-19 20:08:06 +00:00
libvirt libvirt: Re-initialise volumes, encryptors, and vifs on hard reboot 2017-11-18 00:22:02 +00:00
powervm Send Allocations to spawn 2017-10-18 06:43:57 -05:00
vmwareapi Merge "VMware: serial console log (completed)" 2017-11-21 10:57:15 +00:00
xenapi rt: Implement XenAPI get_inventory() method 2017-10-27 14:26:18 +00:00
__init__.py Declare nova.virt namespace 2016-04-28 15:01:44 +00:00
block_device.py Add attachment_get to refresh_connection_info 2017-10-18 23:10:38 -04:00
configdrive.py Cleanup mount / umount and associated rmdir calls 2017-10-18 17:52:58 +11:00
driver.py Merge "Keep updating allocations for Ironic" 2017-10-19 04:58:28 +00:00
event.py Add 'suspended' lifecycle event 2015-04-03 03:59:20 +03:00
fake.py Implement power_off/power_on for the FakeDriver 2017-11-02 11:34:42 -04:00
firewall.py Merge "Remove translation of log messages" 2017-06-20 21:16:49 +00:00
hardware.py Merge "Trim the fat from InstanceInfo" 2017-09-06 15:34:04 +00:00
imagecache.py Rename ImageCacheManager._list_base_images to _scan_base_images 2016-05-26 14:45:42 +01:00
images.py Support qemu >= 2.10 2017-09-27 16:45:37 -04:00
interfaces.template
netutils.py provide interface-scoped nameserver information 2017-07-19 21:08:59 -04:00
osinfo.py Remove translation of log messages 2017-06-13 11:20:28 +07:00
storage_users.py Remove translation of log messages 2017-06-13 11:20:28 +07:00
virtapi.py Remove unused provider firewall rules functionality in nova 2016-02-01 15:50:04 +01:00