This allow to migrate disks on local storage to a remote node storage.
When the target node start, a new volumes are created and exposed through qemu embedded nbd server.
qemu drive-mirror is launch on source vm for each disk with nbd server as target.
when drive-mirror reach 100% of 1 disk, we don't complete the block jobs and begin mirror of next disk.
(mirroring are parralel, but we try to mirroring them 1 by 1 to avoid storage && network overload)
Then we live migrate the vm to destination node. (drive-mirror still occur at the same time).
We the vm is livemigrate (source vm paused, target vm pause), we complete the block jobs mirror.
When is done we stop the source vm and resume the target vm
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
This will create a new drive for each local drive found,
and start the vm with this new drives.
if targetstorage == 1, we use same sid than original vm disk
a nbd server is started in qemu and expose local volumes to network port
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
because these allow adding arbitrary devices to VMs (and
other potentially dangerous things).
whitelist 'info *' and 'help' as usable with just
VM.Monitor, if more are desired and requested they can be
added later.
Without this patch we use the network were the cluster traffic runs
for sending migration traffic. This is not ideal as it may hinder
cluster traffic. Further some users have a powerful network which
would be perfect for migrations, with this patch they can run the
migration traffic over such a network without having the corosync
traffic on the same network.
The network is configurable through /etc/pve/datacenter.cfg which
got a new property, namely migration. migration has two
subproperties: type (replaces the old migration_unsecure property)
and network.
For the case of a network failure or that a VM has to be moved over
another network for arbitrary other reasons I added the
migration_type and migration_network parameters to qm migrate (and
respectively vm_start as this gets used on migration).
They allow overwriting the datacenter.cfg settings.
Fixes bug #1177
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
before copying the efidisk image to a storage,
we first have to activate the volume
also, add the -n flag to qemu-img convert (prevents
creation of the target volume)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
when we create the efidisk0 over the api,
we discard the size, and create a 128kbyte vdisk
and copy it there with qemu-img convert
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
this API call changes the config quite drastically, and as
such should not be possible while an operation that holds a
lock is ongoing (e.g., migration, backup, snapshot).
we needed root@pam rights to remove an unused disk
from a vm (instead of the correct Storage rights)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
moved numa\d+ persmission to VM.Config.CPU
and serial/parallel to root since it accesses the host hardware
also renamed remainingoptions to generaloptions to
reduce confusion, since the real remaining options
(those that we do not specify) require root
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
instead of defaulting to VM.Config.Options for
all options not checked seperately, we
now have lists for the different config permissions
and check them accordingly.
for everything not given, we require root access
this is important especially for usbN and hostpciN
since they can change the host configuration
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
The volume_size_info() call was what actually failed, but
the error reported to the gui came from afterwards trying to
resize the disk to a garabge size.
Otherwise some move operations will fail to delete the old
disk (eg. when moving from ceph to local storage).
Note that in order for the deactivation to succeed we need
to make sure qemu has closed its file descriptors, so we
need to wait for the job to disappear the same way we do in
$cancel_job().
Factored the waiting out into $finish_job().
previously, when shutting down a suspended vm,
we successfully send the shutdown command to it,
but it will not shutdown (because it is suspended)
there we will run into the timeout and either
bail out with an error, or kill the process
when we not kill the process and resume the vm,
it will instantly shutdown, because of the previous
command
this patch checks the status of the vm beforehand,
and either bails out with an error that you cannot
shutdown a suspended vm, or stops the vm with the
correct qmp command (depending of forceStop)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Drop snapshot_create, snapshot_delete and snapshot_rollback
in favour of PVE::AbstractConfig. Qemu-specific parts are
implemented in __snapshot_XX methods in PVE::QemuConfig.
has_feature is made an implementation of the abstract
has_feature, and thus moves to PVE::QemuConfig.
Note: a new hook method needed to be introduced to be called
before creating a volume snapshot, after creating a volume
snapshot, and after unfreezing the guestfs after creating a
volume snapshot. The base method in PVE::AbstractConfig is a
noop, the implemention in PVE::QemuConfig runs the necessary
Qemu monitor commands.
Drop load_config, write_config, lock_config[_xx],
check_lock, check_protection, is_template and config_file
in favour of implementions in PVE::AbstractConfig.
Implement guest_type, __config_max_unused_disks,
config_file_lock and cfs_config_path from
PVE::AbstractConfig in PVE::QemuConfig.
Previously, foreach_drive iterated over all configuration
keys (in a random order) and checked whether the current key
is a valid drive name. Instead, we now iterate over a list
of valid drive names (with deterministic order) and check
whether a drive with such a name exists in the
configuration.
Also rename the two involved methods from valid_drive_name
to is_valid_drive_name (for the check) and from disknames
to valid_drive_names (for the list of valid keys), for
consistency. These two were only used in the qemu-server
code base.
qm list and qm status both show suspended VMs as 'running'
while the GUI's status summary shows them as 'paused'.
This patch makes 'qm status' always request the full status
and adds an optional '-full' parameter for 'qm list' to
use a full status query to include the 'paused' state. (This
is optional as it causes qmp requests to all running VMs.)
We can clone online a running vm, we don't have to deactive source vm volume
if the source vm is running
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
Since write_config was always called with skiplock=1 except
once, it makes sense to drop this parameter like in
PVE::LXC::write_config . If needed in the future, the
caller can use check_lock before write_config anyway.
The method update_config wrapped update_config_nolock
using lock_config, but to prevent update races the whole
"read config", "do something", "write config" flow was
always protected by lock_config anyway, and update_config
was never called.
Thus, we can safely drop update_config and rename
update_config_nolock to write_config like in PVE::LXC .
get_used_paths returned a hash of used paths for all the
volumes in a VM's config, which is not enough to figure out
whether there are snapshots, as snapshots often have
different paths. Eg. on ZFS it is not enough to check for
/dev/zvol/tank/vm-123-disk-1 because the snapshot's path is
/dev/zvol/tank/vm-123-disk-1@snap1 and thus we allowed
deleting the drive. Then when trying to delete the snapshot
later you get:
zfs error: cannot open 'tank/vm-751-disk-1': dataset does not exist
and it refuses to delete the snapshot.
Since its only use was to check whether or not a drive is
still in use it is now renamed to is_volume_in_use and
beside checking paths now also checks volume-ids as those
should stay the same.
Add the respective completion function for the:
*) start
*) stop
*) shutdown
*) suspend
*) resume
*) sendkey
qm commands. The destroy command was left out on purpose for now.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
'full' is not a valid drive property which are now being
checked in print_property_string. Since it's only a
temporary value and passed to clone_disk as parameter it
can be stored separately.
Users have reported resume bug when HA is used.
They seem to have a little race (bench show >0s < 1s) between the vm conf file move on source node and replication to,
and resume on target node.
I don't known why this is only with HA, maybe this occur will standard migration too.
Anyway, we don't need to read the vm config file to resume the vm on target host,
as we are sure that the vm is migrated, and config file move action is correct in the cluster.
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
to change to boot order it is needed to assign a user the
VM.Config.Disk privilege set with the add/modify/delete disk
permissions -> now the patch allows the boot order to be (re)defined
with the VM.Config.Options set - the modify any other VM configuration
used to prevent an unintended virtual machine remove operation
v3 changes:
- changed man page message
- removed protection parameter (where not needed)
This is an minor fix which let's you start the spice console on an
unnamed VM without getting the 'Use of uninitialized value in
concatenation' error.
Also changes the trailing comma from the $conf definition lineto an
semicolon.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
The -force flag didn't have any effect since the pending
changes didn't carry over the the flag.
Now forced deletes have an exclamation mark prepended to the
option name.
netcat6 supports both ipv4 and ipv6, contrary to netcat-traditional.
Additionally rather than using the alternatives-managed /bin/nc path,
/bin/nc6 is now used which always points to the netcat6 implementation,
allowing us to drop the netcat-openbsd conflict entry.
vcpus = current allocate vpus to virtual machine
maxcpus is now compute from $sockets*cores
vcpus = maxcpus if not defined
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
config api return by default the pending config, like this it don't break current behaviour
Add an optionnal current param to get to current running config
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
remove the freezefs flag.
If Qemu Guest Agent flag is set in config the vm filesystem will always be frozen,
unless we save RAM.
also remove param freezefs in PVE::API2 snapshot,
because there is no use for it.
Signed-off-by: Wolfgang Link <wolfgang@linksystems.org>
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
This is experimental code, spice connections are not encryped and thus insecure.
We use ticket passwords for spice auth, and do direct spice connections to
the nodes instead of using a tunnel.
This function only works if the VM already exists. But pool permissions
are automatically inherited on existing VMs, so there is no need
to explicitly check pool permissions.
The requirement to have VM.Allocate it non-obvious and confusing
if the VM already exists. If the user can backup, he should also be able
to restore that backup.
Currently we push newvolid to newvollist after qemu-img convert,
so if signal interrupt occur during qemu-img convert, the newvollist is empty and we can't free the volume
Instead, We need to push newvolid to newvollist just after volume creation
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
This is based on patches from Alexandre Derumier <aderumier@odiso.com>.
It just implements copy/clone for stopped VMs and Templates. Copying
running VMs or copy from snapshots is not implemented.
if model change : we try to unplug like before
if bridge/nat change : we try to unplug like before
else if bridge, but rate/vlan/bridge change, we dynamicly change them without need hotplug
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
qm template <vmid> [-disk virtio0]
convert a full vm to a template (or only a disk if specify)
we orignal disk to /base (file) or base- (lvm,rbd,sheepdog,nexenta)
we create a snapshot @base if storage need it for clone
we protect the volume or snapshot
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
to be sure that kvm process is killed (but it should kill itself),
and deactivate volumes
I slightly modified this patch (orig. from Alexandre) so that it apply cleanly.
We now store the size when we create a drive. This is just a hint, but
good enough to display on the GUI. We can now avoid to query the storage in
vmstatus().
for the moment we check only if the real path exist on the host.
This doesn't work for "virtual" device that host doesn't see.(like rbd, virtio-scsi,...).
This add a check if the volid exist in the storage.
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
replace the warn by a die.
Currently, if we vdisk_free a disk and something goes wrong (network
storage problem by example), the drive is removed from config and we
cannot retry to remove it later.
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
Split out code to delete drive into delete_drive()
Always hotplug after config is written and reloaded.
Do not revert config if hotplug fails.
Do not safe config in add_unused_volume.
- pass $conf to create_disks sub
- add some checks on results of "drive_del","drive_add","device_del","device_add"
- replace "sleep 2" by iterative sub vm_waitfordevicecleanup
Signed-off-by: Derumier Alexandre <aderumier@odiso.com>