[Pacemaker] A caveat in the VirtualDomain resource agent

Cédric Dufour - Idiap Research Institute cedric.dufour at idiap.ch
Fri Aug 22 10:23:29 CEST 2014


Hello,

Is this the right place to report this issue? (please redirect me if not)

As we were experiencing/demonstrating our new cluster yesterday, we stumbled on a caveat in our LibvirtQemu resource agent (derived from VirtualDomain). Since the caveat is the same in the VirtualDomain resource agent; I thought I better report it. Please see the patch below (for LibvirtQemu), which comments should allow you to understand where the problem lies.

--- LibvirtQemu.orig    2014-08-22 09:39:21.997201000 +0200
+++ LibvirtQemu    2014-08-22 09:50:32.440969000 +0200
@@ -154,11 +154,10 @@
   local virsh_output
   local domain_name
 
-  # Note: passing in the domain name from outside the script is
-  # intended for testing and debugging purposes only. Don't do this
-  # in production, instead let the script figure out the domain name
-  # from the config file. You have been warned.
-  if [ -z "${DOMAIN_NAME}" ]; then
+  # NOTE: Re-defining an already defined domain is dangerous! It shall be done only
+  # if we can reasonably assume the configuration file hasn't changed since the last
+  # time the domain has been defined.
+  if [ -z "${DOMAIN_NAME}" ] || [ "${OCF_RESKEY_config}" -ot "${STATEFILE}" ]; then
     # Spin until we have a domain name
     while true; do
       virsh_output="$(virsh ${VIRSH_OPTIONS} define ${OCF_RESKEY_config})"
@@ -170,7 +169,7 @@
     echo "${domain_name}" > "${STATEFILE}"
     ocf_log info "Domain name '${domain_name}' saved to state file '${STATEFILE}'."
   else
-    ocf_log warn "Domain name '${DOMAIN_NAME}' already defined; overriding configuration file '${OCF_RESKEY_config}' (this should NOT ne done in production!)."
+    ocf_log warn "Domain name '${DOMAIN_NAME}' already defined; overriding by newer configuration file will NOT be done!"
   fi
 }
 
@@ -205,12 +204,12 @@
         ;;
       ''|'no state')
         # Empty string may be returned when virsh does not
-        # receive a reply from libvirtd.
+        # receive a reply from libvirtd or after the domain has
+        # been undefined.
         # "no state" may occur when the domain is currently
         # being migrated (on the migration target only), or
         # whenever virsh can't reliably obtain the domain
         # state.
-        status='no state'
         if [ "${__OCF_ACTION}" == 'stop' ] && [ ${try} -ge 3 ]; then
           # During the stop operation, we want to bail out
           # quickly, so as to be able to force-stop (destroy)
@@ -224,6 +223,17 @@
           ocf_log info "Domain '${DOMAIN_NAME}' currently has no state; retrying."
           sleep 1
         fi
+        if [ "${status}" == '' ] && [ $(( ${try} % 10 )) -eq 0 ]; then
+          # Could it be that libvirtd is running healthily but the domain
+          # has been undefined? In that case, let's attempt to re-define it.
+          # If libvirtd IS running, it can not hurt (given the safeguards in
+          # LibvirtQemu_Define). If libvirtd is NOT running, then something is
+          # definitely wrong (and the monitor operation will time-out in
+          # LibvirtQemu_Define the same way as it would here).
+          ocf_log warn "Has domain '${DOMAIN_NAME}' been undefined? attempting to re-define it."
+          LibvirtQemu_Define
+        fi
+        status='no state'
         ;;
       *)
         # any other output is unexpected.
@@ -487,6 +497,11 @@
 
 # Define the domain on startup, and re-define whenever someone deleted
 # the state file, or touched the config.
+# WARNING: There is a caveat here! When the resource is stopped, the state file
+# is deleted ONLY on the node where it was running. In case the domain is then
+# undefined (from libvirtd), on all nodes, we will end-up with a state file but no
+# domain definition on those nodes that were not running the resource. The monitor
+# operation MUST handle that situation, should the resource be restarted.
 if [ ! -e "${STATEFILE}" ] || [ "${OCF_RESKEY_config}" -nt "${STATEFILE}" ]; then
   LibvirtQemu_Define
 fi

One could ask "why undefine a libvirt domain and then restart it?". The answer is two-fold: 1. experience showed us that we shall undefine a decommissioned domain from libvirt to prevent potential UUID conflict when defining a new domain (which is likely in our setup, since UUID are build from the domain IP address); 2. the "demo-effect" (or potential legitimate reasons), where one would "decommission" a domain and restart it right afterwards ( :-/ ).

PS: we now also make sure to delete the VirtualDomain/LibvirtQemu state file when undefining the domain. But best have multiple safe guards as far as this caveat is concerned (thus the patch above).

Hope it helps,

Cédric

-- 

Cédric Dufour @ Idiap Research Institute

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://oss.clusterlabs.org/pipermail/pacemaker/attachments/20140822/7a30d5e4/attachment.html>


More information about the Pacemaker mailing list