[ovirt-devel] [VDSM] Correct implementation of virt-sysprep job
Arik Hadas
ahadas at redhat.com
Tue Dec 6 20:06:43 UTC 2016
Adam,
Just out of curiosity: when you write "v2v has promised" - what exactly do
you mean? The tool? Richard Jones (the maintainer of virt-v2v)? Shahar and
I, who implemented the integration with virt-v2v? I'm not aware of such a
promise by any of these :)
Anyway, let's say that you were given such a promise by someone and thus
consider that mechanism to be deprecated - it doesn't really matter.
The current implementation doesn't fit this flow well (it requires a
per-volume job, it creates leases that are not needed for a template's
disks, ...), and with the "next-gen API" with proper support for virt flows
not even being discussed with us yet (and, IIUC, also not with the infra
team), I don't understand what you are suggesting, apart from some strong,
though irrelevant, statements.
I suggest, loud and clear, to reuse (not to add dependencies to, not to
enhance, ...) an existing mechanism from a very similar virt-v2v flow that
works well and is simple.
Do you "promise" to implement your "next-gen API" for 4.1 as an alternative?
On Tue, Dec 6, 2016 at 5:04 PM, Adam Litke <alitke at redhat.com> wrote:
> On 05/12/16 11:17 +0200, Arik Hadas wrote:
>
>>
>>
>> On Mon, Dec 5, 2016 at 10:05 AM, Nir Soffer <nsoffer at redhat.com> wrote:
>>
>> On Sun, Dec 4, 2016 at 8:50 PM, Shmuel Melamud <smelamud at redhat.com>
>> wrote:
>> >
>> > Hi!
>> >
>> > I'm currently working on integration of virt-sysprep into oVirt.
>> >
>> > Usually, if a user creates a template from a regular VM, and then
>> > creates new VMs from this template, these new VMs inherit all of the
>> > configuration of the original VM, including SSH keys, UDEV rules, MAC
>> > addresses, system ID, hostname, etc. This is unfortunate because, for
>> > example, you cannot have two network devices with the same MAC address
>> > in the same network.
>> >
>> > To avoid this, the user must clean all machine-specific configuration
>> > from the original VM before creating a template from it. You can do
>> > this manually, but the virt-sysprep utility does it automatically.
>> >
>> > Ideally, virt-sysprep should be seamlessly integrated into the
>> > template creation process. But the first step is to create a simple
>> > button: the user selects a VM, clicks the button, and oVirt executes
>> > virt-sysprep on the VM.
>> >
>> > virt-sysprep works directly on the VM's filesystem. It accepts the
>> > list of all of the VM's disks as parameters:
>> >
>> > virt-sysprep -a disk1.img -a disk2.img -a disk3.img
>> >
>> > The architecture is as follows: a command on the Engine side runs a
>> > job on the VDSM side and tracks its success/failure. The job on the
>> > VDSM side runs virt-sysprep.
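>> >
>> > Roughly, the VDSM-side job could look like this (an untested sketch;
>> > the function and its arguments are invented for illustration, not an
>> > existing VDSM interface):
>> >
>> >     import subprocess
>> >
>> >     def sysprep_job(disk_paths):
>> >         # Build one virt-sysprep command covering all the VM's disks.
>> >         cmd = ['virt-sysprep']
>> >         for path in disk_paths:
>> >             cmd.extend(['-a', path])
>> >         # Run the external process; a non-zero exit status raises an
>> >         # exception, which the job framework reports as a failure.
>> >         subprocess.check_call(cmd)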
>> >
>> > The question is how to implement the job correctly?
>> >
>> > I thought about using storage jobs, but they are designed to work
>> > only with a single volume, correct?
>>
>> New storage verbs are volume-based. This makes it easy to manage
>> them on the engine side, and will allow parallelizing volume operations
>> on single or multiple hosts.
>>
>> A storage volume job uses a sanlock lease on the modified volume
>> and the volume generation number. If a host running pending jobs
>> becomes non-responsive and cannot be fenced, we can detect the state
>> of the job, fence the job, and start the job on another host.
>>
>> In the SPM task, if a host becomes non-responsive and cannot be
>> fenced, the whole setup is stuck; there is no way to perform any
>> storage operation.
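>>
>> Schematically, the recovery check is something like (a simplified
>> sketch of the idea, not the actual VDSM code):
>>
>>     def detect_job_state(volume, generation_at_submit):
>>         # In this sketch the job, holding the volume's sanlock lease,
>>         # bumps the volume generation when it finishes modifying the
>>         # volume. If the host is lost, comparing generations tells
>>         # whether the job completed, so it can be fenced and safely
>>         # retried on another host.
>>         if volume.generation == generation_at_submit:
>>             return "not completed - fence and retry elsewhere"
>>         return "completed"
>>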
>> > Is it possible to use them with an operation that is performed on
>> > multiple volumes?
>> > Or, alternatively, is it possible to use some kind of 'VM jobs' that
>> > work on the VM as a whole?
>>
>> We can do:
>>
>> 1. Add jobs with multiple volume leases - this can make error handling
>> very complex. How do you tell a job's state if you have multiple
>> leases? Which volume generation do you use?
>>
>> 2. Use a volume job using one of the volumes (the boot volume?). This
>> does not protect the other volumes from modification, but engine is
>> responsible for that.
>>
>> 3. Use the new "VM jobs", using a VM lease (should be available this
>> week on master). This protects the VM from being started during
>> sysprep. We still need a generation to detect the job state; I think
>> we can use the sanlock lease generation for this, as in the sketch
>> below.
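>>
>> Illustrative only - the lease object and its context manager are
>> invented for the example:
>>
>>     def vm_sysprep_job(vm_lease, run_sysprep):
>>         # Holding the VM lease guarantees the VM cannot be started
>>         # while sysprep modifies its disks; the lease is released on
>>         # exit even if sysprep fails.
>>         with vm_lease.acquired():
>>             run_sysprep()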
>>
>> I like the last option, since sysprep is much like running a VM.
>> > How does v2v solve this problem?
>>
>> It does not.
>>
>> v2v predates storage volume jobs. It does not use volume leases and
>> generations, and has no way to recover if a host running v2v becomes
>> non-responsive and cannot be fenced.
>>
>> It also does not use the jobs framework and does not use a thread pool
>> for v2v jobs, so it has no limit on the number of storage operations
>> on a host.
>>
>>
>> Right, but let's be fair and present the benefits of v2v jobs as well:
>> 1. it is the simplest "infrastructure" in terms of LOC
>>
>
> It is also deprecated. V2V has promised to adopt the richer Host Jobs
> API in the future.
>
>> 2. it is the most efficient mechanism in terms of interactions between
>> the engine and VDSM (it doesn't require new verbs/calls, the data is
>> attached to VdsStats; probably the easiest mechanism to convert to
>> events)
>>
>
> Engine is already polling the host jobs API so I am not sure I agree
> with you here.
>
>> 3. it is the most efficient implementation in terms of interaction
>> with the database (no data is persisted into the database, no polling
>> is done)
>>
>
> Again, we're already using the Host Jobs API. We'll gain efficiency
> by migrating away from the old v2v API and having a single, unified
> approach (Host Jobs).
>
>> Currently we have 3 mechanisms to report jobs:
>> 1. VM jobs - currently used for live merge. This requires the VM
>> entity to exist in VDSM, and is thus not suitable for virt-sysprep.
>>
>
> Correct, not appropriate for this application.
>
>> 2. storage jobs - a complicated infrastructure, targeted at recovering
>> from failures in order to maintain storage consistency. Much of what
>> this infrastructure knows how to handle is irrelevant to the
>> virt-sysprep flow, and the fact that virt-sysprep is invoked on a VM
>> rather than on a particular disk makes it less suitable.
>>
>
> These are more appropriately called Host Jobs and they have the
> following semantics:
> - They represent an external process running on a single host
> - They are not persisted. If the host or vdsm restarts, the job is
> aborted
> - They operate on entities. Currently storage is the first adopter
> of the infrastructure, but virt was going to adopt these for the
> next-gen API. Entities can be volumes, storage domains, VMs,
> network interfaces, etc.
> - Job status and progress are reported by the Host Jobs API. If a job
> is not present, then the underlying entities must be polled by
> engine to determine the actual state.
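>
> In sketch form (hypothetical names, just to illustrate the model, not
> the real API):
>
>     def job_status(host, job_id, entity):
>         jobs = host.get_jobs()     # poll the Host Jobs API
>         if job_id in jobs:
>             return jobs[job_id]    # status and progress while present
>         # The job is gone (finished, aborted, or vdsm restarted):
>         # fall back to the entity itself for the actual state.
>         return entity.query_state()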
>
>> 3. V2V jobs - no mechanism is provided to resume failed jobs, no
>> leases, etc.
>>
>
> This is the old infra upon which Host Jobs are built. v2v has
> promised to move to Host Jobs in the future, so we should not add new
> dependencies to this code.
>
>> I have some arguments for using V2V-like jobs [1]:
>> 1. creating a template from a VM is rarely done - if the host goes
>> unresponsive or any other failure is detected, we can just remove the
>> template and report the error
>>
>
> We can choose this error handling with Host Jobs as well.
>
>> 2. the virt-sysprep phase is, unlike a typical storage operation,
>> short - reducing the risk of failures during the process
>>
>
> Reduced risk of failures is never an excuse for lax error
> handling. The storage-flavored host jobs provide tons of utilities
> for making error handling standardized, easy to implement, and
> correct.
>
>> 3. during the operation the VM is down - by locking the VM/template
>> and its disks on the engine side, we render a leases-like mechanism
>> redundant
>>
>
> Eventually we want to protect all operations on storage with sanlock
> leases. This is safer and allows for a more distributed approach to
> management. Again, using leases correctly in host jobs requires
> about 5 lines of code. The benefits of standardization far outweigh
> any perceived simplification resulting from omitting it.
>
>> 4. in the worst case, the disk will not be corrupted (only some of the
>> data might be removed).
>>
>
> Again, the way engine chooses to handle job failures is independent of
> the mechanism. Let's separate that from this discussion.
>
>> So I think that the storage jobs mechanism is overkill for this case.
>> We can keep it simple by generalizing the V2V job for other virt-tools
>> jobs, like virt-sysprep.
>>
>
> I think we ought to standardize on the Host Jobs framework, where we
> can collaborate on unit tests, standardized locking and error
> handling, abort logic, etc. When v2v moves to host jobs, we will
> have a unified method of handling ephemeral jobs that are tied to
> entities.
>
> --
> Adam Litke
>