4 # Copyright (C) 2008, 2009, 2010, 2011 Google Inc.
6 # This program is free software; you can redistribute it and/or modify
7 # it under the terms of the GNU General Public License as published by
8 # the Free Software Foundation; either version 2 of the License, or
9 # (at your option) any later version.
11 # This program is distributed in the hope that it will be useful, but
12 # WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 # General Public License for more details.
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
40 from ganeti import utils
41 from ganeti import constants
42 from ganeti import errors
43 from ganeti import serializer
44 from ganeti import objects
45 from ganeti import uidpool
46 from ganeti import ssconf
47 from ganeti.hypervisor import hv_base
48 from ganeti import netutils
49 from ganeti.utils import wrapper as utils_wrapper
52 _KVM_NETWORK_SCRIPT = constants.SYSCONFDIR + "/ganeti/kvm-vif-bridge"
54 # TUN/TAP driver constants, taken from <linux/if_tun.h>
55 # They are architecture-independent and already hardcoded in qemu-kvm source,
56 # so we can safely include them here.
57 TUNSETIFF = 0x400454ca
58 TUNGETIFF = 0x800454d2
59 TUNGETFEATURES = 0x800454cf
65 def _ProbeTapVnetHdr(fd):
66 """Check whether to enable the IFF_VNET_HDR flag.
68 To do this, _all_ of the following conditions must be met:
69 1. TUNGETFEATURES ioctl() *must* be implemented
70 2. TUNGETFEATURES ioctl() result *must* contain the IFF_VNET_HDR flag
71 3. TUNGETIFF ioctl() *must* be implemented; reading the kernel code in
72 drivers/net/tun.c there is no way to test this until after the tap device
73 has been created using TUNSETIFF, and there is no way to change the
74 IFF_VNET_HDR flag after creating the interface, catch-22! However both
75 TUNGETIFF and TUNGETFEATURES were introduced in kernel version 2.6.27,
76 thus we can expect TUNGETIFF to be present if TUNGETFEATURES is.
79 @param fd: the file descriptor of /dev/net/tun
82 req = struct.pack("I", 0)
84 res = fcntl.ioctl(fd, TUNGETFEATURES, req)
85 except EnvironmentError:
86 logging.warning("TUNGETFEATURES ioctl() not implemented")
89 tunflags = struct.unpack("I", res)[0]
90 if tunflags & IFF_VNET_HDR:
93 logging.warning("Host does not support IFF_VNET_HDR, not enabling")
97 def _OpenTap(vnet_hdr=True):
98 """Open a new tap device and return its file descriptor.
100 This is intended to be used by a qemu-type hypervisor together with the -net
101 tap,fd=<fd> command line parameter.
103 @type vnet_hdr: boolean
104 @param vnet_hdr: Enable the VNET Header
105 @return: (ifname, tapfd)
110 tapfd = os.open("/dev/net/tun", os.O_RDWR)
111 except EnvironmentError:
112 raise errors.HypervisorError("Failed to open /dev/net/tun")
114 flags = IFF_TAP | IFF_NO_PI
116 if vnet_hdr and _ProbeTapVnetHdr(tapfd):
117 flags |= IFF_VNET_HDR
119 # The struct ifreq ioctl request (see netdevice(7))
120 ifr = struct.pack("16sh", "", flags)
123 res = fcntl.ioctl(tapfd, TUNSETIFF, ifr)
124 except EnvironmentError:
125 raise errors.HypervisorError("Failed to allocate a new TAP device")
127 # Get the interface name from the ioctl
128 ifname = struct.unpack("16sh", res)[0].strip("\x00")
129 return (ifname, tapfd)
133 """QEMU Messaging Protocol (QMP) message.
137 def __init__(self, data):
138 """Creates a new QMP message based on the passed data.
141 if not isinstance(data, dict):
142 raise TypeError("QmpMessage must be initialized with a dict")
146 def __getitem__(self, field_name):
147 """Get the value of the required field if present, or None.
149 Overrides the [] operator to provide access to the message data,
150 returning None if the required item is not in the message
151 @return: the value of the field_name field, or None if field_name
152 is not contained in the message
156 if field_name in self.data:
157 return self.data[field_name]
161 def __setitem__(self, field_name, field_value):
162 """Set the value of the required field_name to field_value.
165 self.data[field_name] = field_value
168 def BuildFromJsonString(json_string):
169 """Build a QmpMessage from a JSON encoded string.
171 @type json_string: str
172 @param json_string: JSON string representing the message
173 @rtype: L{QmpMessage}
174 @return: a L{QmpMessage} built from json_string
178 data = serializer.LoadJson(json_string)
179 return QmpMessage(data)
182 # The protocol expects the JSON object to be sent as a single
183 # line, hence the need for indent=False.
184 return serializer.DumpJson(self.data, indent=False)
186 def __eq__(self, other):
187 # When comparing two QmpMessages, we are interested in comparing
188 # their internal representation of the message data
189 return self.data == other.data
193 """Connection to the QEMU Monitor using the QEMU Monitor Protocol (QMP).
196 _FIRST_MESSAGE_KEY = "QMP"
199 _ERROR_CLASS_KEY = "class"
200 _ERROR_DATA_KEY = "data"
201 _ERROR_DESC_KEY = "desc"
202 _EXECUTE_KEY = "execute"
203 _ARGUMENTS_KEY = "arguments"
204 _CAPABILITIES_COMMAND = "qmp_capabilities"
205 _MESSAGE_END_TOKEN = "\r\n"
208 def __init__(self, monitor_filename):
209 """Instantiates the QmpConnection object.
211 @type monitor_filename: string
212 @param monitor_filename: the filename of the UNIX raw socket on which the
213 QMP monitor is listening
216 self.monitor_filename = monitor_filename
217 self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
218 # We want to fail if the server doesn't send a complete message
219 # in a reasonable amount of time
220 self.sock.settimeout(self._SOCKET_TIMEOUT)
221 self._connected = False
224 def _check_connection(self):
225 """Make sure that the connection is established.
228 if not self._connected:
229 raise errors.ProgrammerError("To use a QmpConnection you need to first"
230 " invoke connect() on it")
233 """Connects to the QMP monitor.
235 Connects to the UNIX socket and makes sure that we can actually send and
236 receive data to the kvm instance via QMP.
238 @raise errors.HypervisorError: when there are communication errors
239 @raise errors.ProgrammerError: when there are data serialization errors
242 self.sock.connect(self.monitor_filename)
243 self._connected = True
245 # Check if we receive a correct greeting message from the server
246 # (As per the QEMU Protocol Specification 0.1 - section 2.2)
247 greeting = self._Recv()
248 if not greeting[self._FIRST_MESSAGE_KEY]:
249 self._connected = False
250 raise errors.HypervisorError("kvm: qmp communication error (wrong"
253 # Let's put the monitor in command mode using the qmp_capabilities
254 # command, or else no command will be executable.
255 # (As per the QEMU Protocol Specification 0.1 - section 4)
256 self.Execute(self._CAPABILITIES_COMMAND)
258 def _ParseMessage(self, buf):
259 """Extract and parse a QMP message from the given buffer.
261 Seeks for a QMP message in the given buf. If found, it parses it and
262 returns it together with the rest of the characters in the buf.
263 If no message is found, returns None and the whole buffer.
265 @raise errors.ProgrammerError: when there are data serialization errors
269 # Check if we got the message end token (CRLF, as per the QEMU Protocol
270 # Specification 0.1 - Section 2.1.1)
271 pos = buf.find(self._MESSAGE_END_TOKEN)
274 message = QmpMessage.BuildFromJsonString(buf[:pos + 1])
275 except Exception, err:
276 raise errors.ProgrammerError("QMP data serialization error: %s" % err)
279 return (message, buf)
282 """Receives a message from QMP and decodes the received JSON object.
285 @return: the received message
286 @raise errors.HypervisorError: when there are communication errors
287 @raise errors.ProgrammerError: when there are data serialization errors
290 self._check_connection()
292 # Check if there is already a message in the buffer
293 (message, self._buf) = self._ParseMessage(self._buf)
297 recv_buffer = StringIO.StringIO(self._buf)
298 recv_buffer.seek(len(self._buf))
301 data = self.sock.recv(4096)
304 recv_buffer.write(data)
306 (message, self._buf) = self._ParseMessage(recv_buffer.getvalue())
310 except socket.timeout, err:
311 raise errors.HypervisorError("Timeout while receiving a QMP message: "
313 except socket.error, err:
314 raise errors.HypervisorError("Unable to receive data from KVM using the"
315 " QMP protocol: %s" % err)
317 def _Send(self, message):
318 """Encodes and sends a message to KVM using QMP.
320 @type message: QmpMessage
321 @param message: message to send to KVM
322 @raise errors.HypervisorError: when there are communication errors
323 @raise errors.ProgrammerError: when there are data serialization errors
326 self._check_connection()
328 message_str = str(message)
329 except Exception, err:
330 raise errors.ProgrammerError("QMP data deserialization error: %s" % err)
333 self.sock.sendall(message_str)
334 except socket.timeout, err:
335 raise errors.HypervisorError("Timeout while sending a QMP message: "
336 "%s (%s)" % (err.string, err.errno))
337 except socket.error, err:
338 raise errors.HypervisorError("Unable to send data from KVM using the"
339 " QMP protocol: %s" % err)
341 def Execute(self, command, arguments=None):
342 """Executes a QMP command and returns the response of the server.
345 @param command: the command to execute
346 @type arguments: dict
347 @param arguments: dictionary of arguments to be passed to the command
349 @return: dictionary representing the received JSON object
350 @raise errors.HypervisorError: when there are communication errors
351 @raise errors.ProgrammerError: when there are data serialization errors
354 self._check_connection()
355 message = QmpMessage({self._EXECUTE_KEY: command})
357 message[self._ARGUMENTS_KEY] = arguments
360 # Events can occur between the sending of the command and the reception
361 # of the response, so we need to filter out messages with the event key.
363 response = self._Recv()
364 err = response[self._ERROR_KEY]
366 raise errors.HypervisorError("kvm: error executing the %s"
367 " command: %s (%s, %s):" %
369 err[self._ERROR_DESC_KEY],
370 err[self._ERROR_CLASS_KEY],
371 err[self._ERROR_DATA_KEY]))
373 elif not response[self._EVENT_KEY]:
377 class KVMHypervisor(hv_base.BaseHypervisor):
378 """KVM hypervisor interface"""
381 _ROOT_DIR = constants.RUN_GANETI_DIR + "/kvm-hypervisor"
382 _PIDS_DIR = _ROOT_DIR + "/pid" # contains live instances pids
383 _UIDS_DIR = _ROOT_DIR + "/uid" # contains instances reserved uids
384 _CTRL_DIR = _ROOT_DIR + "/ctrl" # contains instances control sockets
385 _CONF_DIR = _ROOT_DIR + "/conf" # contains instances startup data
386 _NICS_DIR = _ROOT_DIR + "/nic" # contains instances nic <-> tap associations
387 _KEYMAP_DIR = _ROOT_DIR + "/keymap" # contains instances keymaps
388 # KVM instances with chroot enabled are started in empty chroot directories.
389 _CHROOT_DIR = _ROOT_DIR + "/chroot" # for empty chroot directories
390 # After an instance is stopped, its chroot directory is removed.
391 # If the chroot directory is not empty, it can't be removed.
392 # A non-empty chroot directory indicates a possible security incident.
393 # To support forensics, the non-empty chroot directory is quarantined in
394 # a separate directory, called 'chroot-quarantine'.
395 _CHROOT_QUARANTINE_DIR = _ROOT_DIR + "/chroot-quarantine"
396 _DIRS = [_ROOT_DIR, _PIDS_DIR, _UIDS_DIR, _CTRL_DIR, _CONF_DIR, _NICS_DIR,
397 _CHROOT_DIR, _CHROOT_QUARANTINE_DIR]
400 constants.HV_KERNEL_PATH: hv_base.OPT_FILE_CHECK,
401 constants.HV_INITRD_PATH: hv_base.OPT_FILE_CHECK,
402 constants.HV_ROOT_PATH: hv_base.NO_CHECK,
403 constants.HV_KERNEL_ARGS: hv_base.NO_CHECK,
404 constants.HV_ACPI: hv_base.NO_CHECK,
405 constants.HV_SERIAL_CONSOLE: hv_base.NO_CHECK,
406 constants.HV_VNC_BIND_ADDRESS:
407 (False, lambda x: (netutils.IP4Address.IsValid(x) or
408 utils.IsNormAbsPath(x)),
409 "the VNC bind address must be either a valid IP address or an absolute"
410 " pathname", None, None),
411 constants.HV_VNC_TLS: hv_base.NO_CHECK,
412 constants.HV_VNC_X509: hv_base.OPT_DIR_CHECK,
413 constants.HV_VNC_X509_VERIFY: hv_base.NO_CHECK,
414 constants.HV_VNC_PASSWORD_FILE: hv_base.OPT_FILE_CHECK,
415 constants.HV_KVM_SPICE_BIND: hv_base.NO_CHECK, # will be checked later
416 constants.HV_KVM_SPICE_IP_VERSION:
417 (False, lambda x: (x == constants.IFACE_NO_IP_VERSION_SPECIFIED or
418 x in constants.VALID_IP_VERSIONS),
419 "the SPICE IP version should be 4 or 6",
421 constants.HV_KVM_SPICE_PASSWORD_FILE: hv_base.OPT_FILE_CHECK,
422 constants.HV_KVM_SPICE_LOSSLESS_IMG_COMPR:
423 hv_base.ParamInSet(False,
424 constants.HT_KVM_SPICE_VALID_LOSSLESS_IMG_COMPR_OPTIONS),
425 constants.HV_KVM_SPICE_JPEG_IMG_COMPR:
426 hv_base.ParamInSet(False,
427 constants.HT_KVM_SPICE_VALID_LOSSY_IMG_COMPR_OPTIONS),
428 constants.HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR:
429 hv_base.ParamInSet(False,
430 constants.HT_KVM_SPICE_VALID_LOSSY_IMG_COMPR_OPTIONS),
431 constants.HV_KVM_SPICE_STREAMING_VIDEO_DETECTION:
432 hv_base.ParamInSet(False,
433 constants.HT_KVM_SPICE_VALID_VIDEO_STREAM_DETECTION_OPTIONS),
434 constants.HV_KVM_SPICE_AUDIO_COMPR: hv_base.NO_CHECK,
435 constants.HV_KVM_FLOPPY_IMAGE_PATH: hv_base.OPT_FILE_CHECK,
436 constants.HV_CDROM_IMAGE_PATH: hv_base.OPT_FILE_CHECK,
437 constants.HV_KVM_CDROM2_IMAGE_PATH: hv_base.OPT_FILE_CHECK,
438 constants.HV_BOOT_ORDER:
439 hv_base.ParamInSet(True, constants.HT_KVM_VALID_BO_TYPES),
440 constants.HV_NIC_TYPE:
441 hv_base.ParamInSet(True, constants.HT_KVM_VALID_NIC_TYPES),
442 constants.HV_DISK_TYPE:
443 hv_base.ParamInSet(True, constants.HT_KVM_VALID_DISK_TYPES),
444 constants.HV_KVM_CDROM_DISK_TYPE:
445 hv_base.ParamInSet(False, constants.HT_KVM_VALID_DISK_TYPES),
446 constants.HV_USB_MOUSE:
447 hv_base.ParamInSet(False, constants.HT_KVM_VALID_MOUSE_TYPES),
448 constants.HV_KEYMAP: hv_base.NO_CHECK,
449 constants.HV_MIGRATION_PORT: hv_base.REQ_NET_PORT_CHECK,
450 constants.HV_MIGRATION_BANDWIDTH: hv_base.NO_CHECK,
451 constants.HV_MIGRATION_DOWNTIME: hv_base.NO_CHECK,
452 constants.HV_MIGRATION_MODE: hv_base.MIGRATION_MODE_CHECK,
453 constants.HV_USE_LOCALTIME: hv_base.NO_CHECK,
454 constants.HV_DISK_CACHE:
455 hv_base.ParamInSet(True, constants.HT_VALID_CACHE_TYPES),
456 constants.HV_SECURITY_MODEL:
457 hv_base.ParamInSet(True, constants.HT_KVM_VALID_SM_TYPES),
458 constants.HV_SECURITY_DOMAIN: hv_base.NO_CHECK,
459 constants.HV_KVM_FLAG:
460 hv_base.ParamInSet(False, constants.HT_KVM_FLAG_VALUES),
461 constants.HV_VHOST_NET: hv_base.NO_CHECK,
462 constants.HV_KVM_USE_CHROOT: hv_base.NO_CHECK,
463 constants.HV_MEM_PATH: hv_base.OPT_DIR_CHECK,
464 constants.HV_REBOOT_BEHAVIOR:
465 hv_base.ParamInSet(True, constants.REBOOT_BEHAVIORS),
466 constants.HV_CPU_MASK: hv_base.OPT_MULTI_CPU_MASK_CHECK,
469 _MIGRATION_STATUS_RE = re.compile("Migration\s+status:\s+(\w+)",
471 _MIGRATION_INFO_MAX_BAD_ANSWERS = 5
472 _MIGRATION_INFO_RETRY_DELAY = 2
474 _VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")
481 hv_base.BaseHypervisor.__init__(self)
482 # Let's make sure the directories we need exist, even if the RUN_DIR lives
483 # in a tmpfs filesystem or has been otherwise wiped out.
484 dirs = [(dname, constants.RUN_DIRS_MODE) for dname in self._DIRS]
485 utils.EnsureDirs(dirs)
488 def _InstancePidFile(cls, instance_name):
489 """Returns the instance pidfile.
492 return utils.PathJoin(cls._PIDS_DIR, instance_name)
495 def _InstanceUidFile(cls, instance_name):
496 """Returns the instance uidfile.
499 return utils.PathJoin(cls._UIDS_DIR, instance_name)
502 def _InstancePidInfo(cls, pid):
503 """Check pid file for instance information.
505 Check that a pid file is associated with an instance, and retrieve
506 information from its command line.
508 @type pid: string or int
509 @param pid: process id of the instance to check
511 @return: (instance_name, memory, vcpus)
512 @raise errors.HypervisorError: when an instance cannot be found
515 alive = utils.IsProcessAlive(pid)
517 raise errors.HypervisorError("Cannot get info for pid %s" % pid)
519 cmdline_file = utils.PathJoin("/proc", str(pid), "cmdline")
521 cmdline = utils.ReadFile(cmdline_file)
522 except EnvironmentError, err:
523 raise errors.HypervisorError("Can't open cmdline file for pid %s: %s" %
530 arg_list = cmdline.split("\x00")
532 arg = arg_list.pop(0)
534 instance = arg_list.pop(0)
536 memory = int(arg_list.pop(0))
538 vcpus = int(arg_list.pop(0))
541 raise errors.HypervisorError("Pid %s doesn't contain a ganeti kvm"
544 return (instance, memory, vcpus)
546 def _InstancePidAlive(self, instance_name):
547 """Returns the instance pidfile, pid, and liveness.
549 @type instance_name: string
550 @param instance_name: instance name
552 @return: (pid file name, pid, liveness)
555 pidfile = self._InstancePidFile(instance_name)
556 pid = utils.ReadPidFile(pidfile)
560 cmd_instance = self._InstancePidInfo(pid)[0]
561 alive = (cmd_instance == instance_name)
562 except errors.HypervisorError:
565 return (pidfile, pid, alive)
567 def _CheckDown(self, instance_name):
568 """Raises an error unless the given instance is down.
571 alive = self._InstancePidAlive(instance_name)[2]
573 raise errors.HypervisorError("Failed to start instance %s: %s" %
574 (instance_name, "already running"))
577 def _InstanceMonitor(cls, instance_name):
578 """Returns the instance monitor socket name
581 return utils.PathJoin(cls._CTRL_DIR, "%s.monitor" % instance_name)
584 def _InstanceSerial(cls, instance_name):
585 """Returns the instance serial socket name
588 return utils.PathJoin(cls._CTRL_DIR, "%s.serial" % instance_name)
591 def _InstanceQmpMonitor(cls, instance_name):
592 """Returns the instance serial QMP socket name
595 return utils.PathJoin(cls._CTRL_DIR, "%s.qmp" % instance_name)
598 def _SocatUnixConsoleParams():
599 """Returns the correct parameters for socat
601 If we have a new-enough socat we can use raw mode with an escape character.
604 if constants.SOCAT_USE_ESCAPE:
605 return "raw,echo=0,escape=%s" % constants.SOCAT_ESCAPE_CODE
607 return "echo=0,icanon=0"
610 def _InstanceKVMRuntime(cls, instance_name):
611 """Returns the instance KVM runtime filename
614 return utils.PathJoin(cls._CONF_DIR, "%s.runtime" % instance_name)
617 def _InstanceChrootDir(cls, instance_name):
618 """Returns the name of the KVM chroot dir of the instance
621 return utils.PathJoin(cls._CHROOT_DIR, instance_name)
624 def _InstanceNICDir(cls, instance_name):
625 """Returns the name of the directory holding the tap device files for a
629 return utils.PathJoin(cls._NICS_DIR, instance_name)
632 def _InstanceNICFile(cls, instance_name, seq):
633 """Returns the name of the file containing the tap device for a given NIC
636 return utils.PathJoin(cls._InstanceNICDir(instance_name), str(seq))
639 def _InstanceKeymapFile(cls, instance_name):
640 """Returns the name of the file containing the keymap for a given instance
643 return utils.PathJoin(cls._KEYMAP_DIR, instance_name)
646 def _TryReadUidFile(cls, uid_file):
647 """Try to read a uid file
650 if os.path.exists(uid_file):
652 uid = int(utils.ReadOneLineFile(uid_file))
654 except EnvironmentError:
655 logging.warning("Can't read uid file", exc_info=True)
656 except (TypeError, ValueError):
657 logging.warning("Can't parse uid file contents", exc_info=True)
661 def _RemoveInstanceRuntimeFiles(cls, pidfile, instance_name):
662 """Removes an instance's rutime sockets/files/dirs.
665 utils.RemoveFile(pidfile)
666 utils.RemoveFile(cls._InstanceMonitor(instance_name))
667 utils.RemoveFile(cls._InstanceSerial(instance_name))
668 utils.RemoveFile(cls._InstanceQmpMonitor(instance_name))
669 utils.RemoveFile(cls._InstanceKVMRuntime(instance_name))
670 utils.RemoveFile(cls._InstanceKeymapFile(instance_name))
671 uid_file = cls._InstanceUidFile(instance_name)
672 uid = cls._TryReadUidFile(uid_file)
673 utils.RemoveFile(uid_file)
675 uidpool.ReleaseUid(uid)
677 shutil.rmtree(cls._InstanceNICDir(instance_name))
679 if err.errno != errno.ENOENT:
682 chroot_dir = cls._InstanceChrootDir(instance_name)
683 utils.RemoveDir(chroot_dir)
685 if err.errno == errno.ENOTEMPTY:
686 # The chroot directory is expected to be empty, but it isn't.
687 new_chroot_dir = tempfile.mkdtemp(dir=cls._CHROOT_QUARANTINE_DIR,
690 utils.TimestampForFilename()))
691 logging.warning("The chroot directory of instance %s can not be"
692 " removed as it is not empty. Moving it to the"
693 " quarantine instead. Please investigate the"
694 " contents (%s) and clean up manually",
695 instance_name, new_chroot_dir)
696 utils.RenameFile(chroot_dir, new_chroot_dir)
701 def _ConfigureNIC(instance, seq, nic, tap):
702 """Run the network configuration script for a specified NIC
704 @param instance: instance we're acting on
705 @type instance: instance object
706 @param seq: nic sequence number
708 @param nic: nic we're acting on
709 @type nic: nic object
710 @param tap: the host's tap interface this NIC corresponds to
716 tags = " ".join(instance.tags)
721 "PATH": "%s:/sbin:/usr/sbin" % os.environ["PATH"],
722 "INSTANCE": instance.name,
724 "MODE": nic.nicparams[constants.NIC_MODE],
726 "INTERFACE_INDEX": str(seq),
733 if nic.nicparams[constants.NIC_LINK]:
734 env["LINK"] = nic.nicparams[constants.NIC_LINK]
736 if nic.nicparams[constants.NIC_MODE] == constants.NIC_MODE_BRIDGED:
737 env["BRIDGE"] = nic.nicparams[constants.NIC_LINK]
739 result = utils.RunCmd([constants.KVM_IFUP, tap], env=env)
741 raise errors.HypervisorError("Failed to configure interface %s: %s."
742 " Network configuration script output: %s" %
743 (tap, result.fail_reason, result.output))
745 def ListInstances(self):
746 """Get the list of running instances.
748 We can do this by listing our live instances directory and
749 checking whether the associated kvm process is still alive.
753 for name in os.listdir(self._PIDS_DIR):
754 if self._InstancePidAlive(name)[2]:
758 def GetInstanceInfo(self, instance_name):
759 """Get instance properties.
761 @type instance_name: string
762 @param instance_name: the instance name
763 @rtype: tuple of strings
764 @return: (name, id, memory, vcpus, stat, times)
767 _, pid, alive = self._InstancePidAlive(instance_name)
771 _, memory, vcpus = self._InstancePidInfo(pid)
775 return (instance_name, pid, memory, vcpus, stat, times)
777 def GetAllInstancesInfo(self):
778 """Get properties of all instances.
780 @return: list of tuples (name, id, memory, vcpus, stat, times)
784 for name in os.listdir(self._PIDS_DIR):
786 info = self.GetInstanceInfo(name)
787 except errors.HypervisorError:
793 def _GenerateKVMRuntime(self, instance, block_devices, startup_paused):
794 """Generate KVM information to start an instance.
797 # pylint: disable=R0914
798 _, v_major, v_min, _ = self._GetKVMVersion()
800 pidfile = self._InstancePidFile(instance.name)
801 kvm = constants.KVM_PATH
803 # used just by the vnc server, if enabled
804 kvm_cmd.extend(["-name", instance.name])
805 kvm_cmd.extend(["-m", instance.beparams[constants.BE_MEMORY]])
806 kvm_cmd.extend(["-smp", instance.beparams[constants.BE_VCPUS]])
807 kvm_cmd.extend(["-pidfile", pidfile])
808 kvm_cmd.extend(["-daemonize"])
809 if not instance.hvparams[constants.HV_ACPI]:
810 kvm_cmd.extend(["-no-acpi"])
812 kvm_cmd.extend(["-S"])
813 if instance.hvparams[constants.HV_REBOOT_BEHAVIOR] == \
814 constants.INSTANCE_REBOOT_EXIT:
815 kvm_cmd.extend(["-no-reboot"])
817 hvp = instance.hvparams
818 boot_disk = hvp[constants.HV_BOOT_ORDER] == constants.HT_BO_DISK
819 boot_cdrom = hvp[constants.HV_BOOT_ORDER] == constants.HT_BO_CDROM
820 boot_floppy = hvp[constants.HV_BOOT_ORDER] == constants.HT_BO_FLOPPY
821 boot_network = hvp[constants.HV_BOOT_ORDER] == constants.HT_BO_NETWORK
823 self.ValidateParameters(hvp)
825 if hvp[constants.HV_KVM_FLAG] == constants.HT_KVM_ENABLED:
826 kvm_cmd.extend(["-enable-kvm"])
827 elif hvp[constants.HV_KVM_FLAG] == constants.HT_KVM_DISABLED:
828 kvm_cmd.extend(["-disable-kvm"])
831 kvm_cmd.extend(["-boot", "n"])
833 disk_type = hvp[constants.HV_DISK_TYPE]
834 if disk_type == constants.HT_DISK_PARAVIRTUAL:
835 if_val = ",if=virtio"
837 if_val = ",if=%s" % disk_type
839 disk_cache = hvp[constants.HV_DISK_CACHE]
840 if instance.disk_template in constants.DTS_EXT_MIRROR:
841 if disk_cache != "none":
842 # TODO: make this a hard error, instead of a silent overwrite
843 logging.warning("KVM: overriding disk_cache setting '%s' with 'none'"
844 " to prevent shared storage corruption on migration",
846 cache_val = ",cache=none"
847 elif disk_cache != constants.HT_CACHE_DEFAULT:
848 cache_val = ",cache=%s" % disk_cache
851 for cfdev, dev_path in block_devices:
852 if cfdev.mode != constants.DISK_RDWR:
853 raise errors.HypervisorError("Instance has read-only disks which"
854 " are not supported by KVM")
855 # TODO: handle FD_LOOP and FD_BLKTAP (?)
858 kvm_cmd.extend(["-boot", "c"])
860 if (v_major, v_min) < (0, 14) and disk_type != constants.HT_DISK_IDE:
861 boot_val = ",boot=on"
863 drive_val = "file=%s,format=raw%s%s%s" % (dev_path, if_val, boot_val,
865 kvm_cmd.extend(["-drive", drive_val])
867 #Now we can specify a different device type for CDROM devices.
868 cdrom_disk_type = hvp[constants.HV_KVM_CDROM_DISK_TYPE]
869 if not cdrom_disk_type:
870 cdrom_disk_type = disk_type
872 iso_image = hvp[constants.HV_CDROM_IMAGE_PATH]
874 options = ",format=raw,media=cdrom"
876 kvm_cmd.extend(["-boot", "d"])
877 if cdrom_disk_type != constants.HT_DISK_IDE:
878 options = "%s,boot=on,if=%s" % (options, constants.HT_DISK_IDE)
880 options = "%s,boot=on" % options
882 if cdrom_disk_type == constants.HT_DISK_PARAVIRTUAL:
883 if_val = ",if=virtio"
885 if_val = ",if=%s" % cdrom_disk_type
886 options = "%s%s" % (options, if_val)
887 drive_val = "file=%s%s" % (iso_image, options)
888 kvm_cmd.extend(["-drive", drive_val])
890 iso_image2 = hvp[constants.HV_KVM_CDROM2_IMAGE_PATH]
892 options = ",format=raw,media=cdrom"
893 if cdrom_disk_type == constants.HT_DISK_PARAVIRTUAL:
894 if_val = ",if=virtio"
896 if_val = ",if=%s" % cdrom_disk_type
897 options = "%s%s" % (options, if_val)
898 drive_val = "file=%s%s" % (iso_image2, options)
899 kvm_cmd.extend(["-drive", drive_val])
901 floppy_image = hvp[constants.HV_KVM_FLOPPY_IMAGE_PATH]
903 options = ",format=raw,media=disk"
905 kvm_cmd.extend(["-boot", "a"])
906 options = "%s,boot=on" % options
907 if_val = ",if=floppy"
908 options = "%s%s" % (options, if_val)
909 drive_val = "file=%s%s" % (floppy_image, options)
910 kvm_cmd.extend(["-drive", drive_val])
912 kernel_path = hvp[constants.HV_KERNEL_PATH]
914 kvm_cmd.extend(["-kernel", kernel_path])
915 initrd_path = hvp[constants.HV_INITRD_PATH]
917 kvm_cmd.extend(["-initrd", initrd_path])
918 root_append = ["root=%s" % hvp[constants.HV_ROOT_PATH],
919 hvp[constants.HV_KERNEL_ARGS]]
920 if hvp[constants.HV_SERIAL_CONSOLE]:
921 root_append.append("console=ttyS0,38400")
922 kvm_cmd.extend(["-append", " ".join(root_append)])
924 mem_path = hvp[constants.HV_MEM_PATH]
926 kvm_cmd.extend(["-mem-path", mem_path, "-mem-prealloc"])
928 mouse_type = hvp[constants.HV_USB_MOUSE]
929 vnc_bind_address = hvp[constants.HV_VNC_BIND_ADDRESS]
932 kvm_cmd.extend(["-usb"])
933 kvm_cmd.extend(["-usbdevice", mouse_type])
934 elif vnc_bind_address:
935 kvm_cmd.extend(["-usbdevice", constants.HT_MOUSE_TABLET])
937 keymap = hvp[constants.HV_KEYMAP]
939 keymap_path = self._InstanceKeymapFile(instance.name)
940 # If a keymap file is specified, KVM won't use its internal defaults. By
941 # first including the "en-us" layout, an error on loading the actual
942 # layout (e.g. because it can't be found) won't lead to a non-functional
943 # keyboard. A keyboard with incorrect keys is still better than none.
944 utils.WriteFile(keymap_path, data="include en-us\ninclude %s\n" % keymap)
945 kvm_cmd.extend(["-k", keymap_path])
948 if netutils.IP4Address.IsValid(vnc_bind_address):
949 if instance.network_port > constants.VNC_BASE_PORT:
950 display = instance.network_port - constants.VNC_BASE_PORT
951 if vnc_bind_address == constants.IP4_ADDRESS_ANY:
952 vnc_arg = ":%d" % (display)
954 vnc_arg = "%s:%d" % (vnc_bind_address, display)
956 logging.error("Network port is not a valid VNC display (%d < %d)."
957 " Not starting VNC", instance.network_port,
958 constants.VNC_BASE_PORT)
961 # Only allow tls and other option when not binding to a file, for now.
962 # kvm/qemu gets confused otherwise about the filename to use.
964 if hvp[constants.HV_VNC_TLS]:
965 vnc_append = "%s,tls" % vnc_append
966 if hvp[constants.HV_VNC_X509_VERIFY]:
967 vnc_append = "%s,x509verify=%s" % (vnc_append,
968 hvp[constants.HV_VNC_X509])
969 elif hvp[constants.HV_VNC_X509]:
970 vnc_append = "%s,x509=%s" % (vnc_append,
971 hvp[constants.HV_VNC_X509])
972 if hvp[constants.HV_VNC_PASSWORD_FILE]:
973 vnc_append = "%s,password" % vnc_append
975 vnc_arg = "%s%s" % (vnc_arg, vnc_append)
978 vnc_arg = "unix:%s/%s.vnc" % (vnc_bind_address, instance.name)
980 kvm_cmd.extend(["-vnc", vnc_arg])
982 kvm_cmd.extend(["-nographic"])
984 monitor_dev = ("unix:%s,server,nowait" %
985 self._InstanceMonitor(instance.name))
986 kvm_cmd.extend(["-monitor", monitor_dev])
987 if hvp[constants.HV_SERIAL_CONSOLE]:
988 serial_dev = ("unix:%s,server,nowait" %
989 self._InstanceSerial(instance.name))
990 kvm_cmd.extend(["-serial", serial_dev])
992 kvm_cmd.extend(["-serial", "none"])
994 spice_bind = hvp[constants.HV_KVM_SPICE_BIND]
995 spice_ip_version = None
997 if netutils.IsValidInterface(spice_bind):
998 # The user specified a network interface, we have to figure out the IP
1000 addresses = netutils.GetInterfaceIpAddresses(spice_bind)
1001 spice_ip_version = hvp[constants.HV_KVM_SPICE_IP_VERSION]
1003 # if the user specified an IP version and the interface does not
1004 # have that kind of IP addresses, throw an exception
1005 if spice_ip_version != constants.IFACE_NO_IP_VERSION_SPECIFIED:
1006 if not addresses[spice_ip_version]:
1007 raise errors.HypervisorError("spice: unable to get an IPv%s address"
1008 " for %s" % (spice_ip_version,
1011 # the user did not specify an IP version, we have to figure it out
1012 elif (addresses[constants.IP4_VERSION] and
1013 addresses[constants.IP6_VERSION]):
1014 # we have both ipv4 and ipv6, let's use the cluster default IP
1016 cluster_family = ssconf.SimpleStore().GetPrimaryIPFamily()
1017 spice_ip_version = netutils.IPAddress.GetVersionFromAddressFamily(
1019 elif addresses[constants.IP4_VERSION]:
1020 spice_ip_version = constants.IP4_VERSION
1021 elif addresses[constants.IP6_VERSION]:
1022 spice_ip_version = constants.IP6_VERSION
1024 raise errors.HypervisorError("spice: unable to get an IP address"
1025 " for %s" % (spice_bind))
1027 spice_address = addresses[spice_ip_version][0]
1030 # spice_bind is known to be a valid IP address, because
1031 # ValidateParameters checked it.
1032 spice_address = spice_bind
1034 spice_arg = "addr=%s,port=%s" % (spice_address, instance.network_port)
1035 if not hvp[constants.HV_KVM_SPICE_PASSWORD_FILE]:
1036 spice_arg = "%s,disable-ticketing" % spice_arg
1038 if spice_ip_version:
1039 spice_arg = "%s,ipv%s" % (spice_arg, spice_ip_version)
1041 # Image compression options
1042 img_lossless = hvp[constants.HV_KVM_SPICE_LOSSLESS_IMG_COMPR]
1043 img_jpeg = hvp[constants.HV_KVM_SPICE_JPEG_IMG_COMPR]
1044 img_zlib_glz = hvp[constants.HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR]
1046 spice_arg = "%s,image-compression=%s" % (spice_arg, img_lossless)
1048 spice_arg = "%s,jpeg-wan-compression=%s" % (spice_arg, img_jpeg)
1050 spice_arg = "%s,zlib-glz-wan-compression=%s" % (spice_arg, img_zlib_glz)
1052 # Video stream detection
1053 video_streaming = hvp[constants.HV_KVM_SPICE_STREAMING_VIDEO_DETECTION]
1055 spice_arg = "%s,streaming-video=%s" % (spice_arg, video_streaming)
1057 # Audio compression, by default in qemu-kvm it is on
1058 if not hvp[constants.HV_KVM_SPICE_AUDIO_COMPR]:
1059 spice_arg = "%s,playback-compression=off" % spice_arg
1061 logging.info("KVM: SPICE will listen on port %s", instance.network_port)
1062 kvm_cmd.extend(["-spice", spice_arg])
1064 # Tell kvm to use the paravirtualized graphic card, optimized for SPICE
1065 kvm_cmd.extend(["-vga", "qxl"])
1067 if hvp[constants.HV_USE_LOCALTIME]:
1068 kvm_cmd.extend(["-localtime"])
1070 if hvp[constants.HV_KVM_USE_CHROOT]:
1071 kvm_cmd.extend(["-chroot", self._InstanceChrootDir(instance.name)])
1073 # Save the current instance nics, but defer their expansion as parameters,
1074 # as we'll need to generate executable temp files for them.
1075 kvm_nics = instance.nics
1078 return (kvm_cmd, kvm_nics, hvparams)
1080 def _WriteKVMRuntime(self, instance_name, data):
1081 """Write an instance's KVM runtime
1085 utils.WriteFile(self._InstanceKVMRuntime(instance_name),
1087 except EnvironmentError, err:
1088 raise errors.HypervisorError("Failed to save KVM runtime file: %s" % err)
1090 def _ReadKVMRuntime(self, instance_name):
1091 """Read an instance's KVM runtime
1095 file_content = utils.ReadFile(self._InstanceKVMRuntime(instance_name))
1096 except EnvironmentError, err:
1097 raise errors.HypervisorError("Failed to load KVM runtime file: %s" % err)
1100 def _SaveKVMRuntime(self, instance, kvm_runtime):
1101 """Save an instance's KVM runtime
1104 kvm_cmd, kvm_nics, hvparams = kvm_runtime
1105 serialized_nics = [nic.ToDict() for nic in kvm_nics]
1106 serialized_form = serializer.Dump((kvm_cmd, serialized_nics, hvparams))
1107 self._WriteKVMRuntime(instance.name, serialized_form)
1109 def _LoadKVMRuntime(self, instance, serialized_runtime=None):
1110 """Load an instance's KVM runtime
1113 if not serialized_runtime:
1114 serialized_runtime = self._ReadKVMRuntime(instance.name)
1115 loaded_runtime = serializer.Load(serialized_runtime)
1116 kvm_cmd, serialized_nics, hvparams = loaded_runtime
1117 kvm_nics = [objects.NIC.FromDict(snic) for snic in serialized_nics]
1118 return (kvm_cmd, kvm_nics, hvparams)
1120 def _RunKVMCmd(self, name, kvm_cmd, tap_fds=None):
1121 """Run the KVM cmd and check for errors
1124 @param name: instance name
1125 @type kvm_cmd: list of strings
1126 @param kvm_cmd: runcmd input for kvm
1127 @type tap_fds: list of int
1128 @param tap_fds: fds of tap devices opened by Ganeti
1132 result = utils.RunCmd(kvm_cmd, noclose_fds=tap_fds)
1135 utils_wrapper.CloseFdNoError(fd)
1138 raise errors.HypervisorError("Failed to start instance %s: %s (%s)" %
1139 (name, result.fail_reason, result.output))
1140 if not self._InstancePidAlive(name)[2]:
1141 raise errors.HypervisorError("Failed to start instance %s" % name)
1143 def _ExecuteKVMRuntime(self, instance, kvm_runtime, incoming=None):
1144 """Execute a KVM cmd, after completing it with some last minute data
1146 @type incoming: tuple of strings
1147 @param incoming: (target_host_ip, port)
1150 # Small _ExecuteKVMRuntime hv parameters programming howto:
1151 # - conf_hvp contains the parameters as configured on ganeti. they might
1152 # have changed since the instance started; only use them if the change
1153 # won't affect the inside of the instance (which hasn't been rebooted).
1154 # - up_hvp contains the parameters as they were when the instance was
1155 # started, plus any new parameter which has been added between ganeti
1156 # versions: it is paramount that those default to a value which won't
1157 # affect the inside of the instance as well.
1158 conf_hvp = instance.hvparams
1159 name = instance.name
1160 self._CheckDown(name)
1164 kvm_cmd, kvm_nics, up_hvp = kvm_runtime
1165 up_hvp = objects.FillDict(conf_hvp, up_hvp)
1167 _, v_major, v_min, _ = self._GetKVMVersion()
1169 # We know it's safe to run as a different user upon migration, so we'll use
1170 # the latest conf, from conf_hvp.
1171 security_model = conf_hvp[constants.HV_SECURITY_MODEL]
1172 if security_model == constants.HT_SM_USER:
1173 kvm_cmd.extend(["-runas", conf_hvp[constants.HV_SECURITY_DOMAIN]])
1175 # We have reasons to believe changing something like the nic driver/type
1176 # upon migration won't exactly fly with the instance kernel, so for nic
1177 # related parameters we'll use up_hvp
1181 kvm_cmd.extend(["-net", "none"])
1185 nic_type = up_hvp[constants.HV_NIC_TYPE]
1186 if nic_type == constants.HT_NIC_PARAVIRTUAL:
1187 # From version 0.12.0, kvm uses a new sintax for network configuration.
1188 if (v_major, v_min) >= (0, 12):
1189 nic_model = "virtio-net-pci"
1192 nic_model = "virtio"
1194 if up_hvp[constants.HV_VHOST_NET]:
1195 # vhost_net is only available from version 0.13.0 or newer
1196 if (v_major, v_min) >= (0, 13):
1197 tap_extra = ",vhost=on"
1199 raise errors.HypervisorError("vhost_net is configured"
1200 " but it is not available")
1202 nic_model = nic_type
1204 for nic_seq, nic in enumerate(kvm_nics):
1205 tapname, tapfd = _OpenTap(vnet_hdr)
1206 tapfds.append(tapfd)
1207 taps.append(tapname)
1208 if (v_major, v_min) >= (0, 12):
1209 nic_val = "%s,mac=%s,netdev=netdev%s" % (nic_model, nic.mac, nic_seq)
1210 tap_val = "type=tap,id=netdev%s,fd=%d%s" % (nic_seq, tapfd, tap_extra)
1211 kvm_cmd.extend(["-netdev", tap_val, "-device", nic_val])
1213 nic_val = "nic,vlan=%s,macaddr=%s,model=%s" % (nic_seq,
1215 tap_val = "tap,vlan=%s,fd=%d" % (nic_seq, tapfd)
1216 kvm_cmd.extend(["-net", tap_val, "-net", nic_val])
1219 target, port = incoming
1220 kvm_cmd.extend(["-incoming", "tcp:%s:%s" % (target, port)])
1222 # Changing the vnc password doesn't bother the guest that much. At most it
1223 # will surprise people who connect to it. Whether positively or negatively
1225 vnc_pwd_file = conf_hvp[constants.HV_VNC_PASSWORD_FILE]
1229 vnc_pwd = utils.ReadOneLineFile(vnc_pwd_file, strict=True)
1230 except EnvironmentError, err:
1231 raise errors.HypervisorError("Failed to open VNC password file %s: %s"
1232 % (vnc_pwd_file, err))
1234 if conf_hvp[constants.HV_KVM_USE_CHROOT]:
1235 utils.EnsureDirs([(self._InstanceChrootDir(name),
1236 constants.SECURE_DIR_MODE)])
1238 # Automatically enable QMP if version is >= 0.14
1239 if (v_major, v_min) >= (0, 14):
1240 logging.debug("Enabling QMP")
1241 kvm_cmd.extend(["-qmp", "unix:%s,server,nowait" %
1242 self._InstanceQmpMonitor(instance.name)])
1244 # Configure the network now for starting instances and bridged interfaces,
1245 # during FinalizeMigration for incoming instances' routed interfaces
1246 for nic_seq, nic in enumerate(kvm_nics):
1248 nic.nicparams[constants.NIC_MODE] != constants.NIC_MODE_BRIDGED):
1250 self._ConfigureNIC(instance, nic_seq, nic, taps[nic_seq])
1252 if security_model == constants.HT_SM_POOL:
1253 ss = ssconf.SimpleStore()
1254 uid_pool = uidpool.ParseUidPool(ss.GetUidPool(), separator="\n")
1255 all_uids = set(uidpool.ExpandUidPool(uid_pool))
1256 uid = uidpool.RequestUnusedUid(all_uids)
1258 username = pwd.getpwuid(uid.GetUid()).pw_name
1259 kvm_cmd.extend(["-runas", username])
1260 self._RunKVMCmd(name, kvm_cmd, tapfds)
1262 uidpool.ReleaseUid(uid)
1266 utils.WriteFile(self._InstanceUidFile(name), data=uid.AsStr())
1268 self._RunKVMCmd(name, kvm_cmd, tapfds)
1270 utils.EnsureDirs([(self._InstanceNICDir(instance.name),
1271 constants.RUN_DIRS_MODE)])
1272 for nic_seq, tap in enumerate(taps):
1273 utils.WriteFile(self._InstanceNICFile(instance.name, nic_seq),
1277 change_cmd = "change vnc password %s" % vnc_pwd
1278 self._CallMonitorCommand(instance.name, change_cmd)
1280 # Setting SPICE password. We are not vulnerable to malicious passwordless
1281 # connection attempts because SPICE by default does not allow connections
1282 # if neither a password nor the "disable_ticketing" options are specified.
1283 # As soon as we send the password via QMP, that password is a valid ticket
1285 spice_password_file = conf_hvp[constants.HV_KVM_SPICE_PASSWORD_FILE]
1286 if spice_password_file:
1288 spice_pwd = utils.ReadOneLineFile(spice_password_file, strict=True)
1289 qmp = QmpConnection(self._InstanceQmpMonitor(instance.name))
1292 "protocol": "spice",
1293 "password": spice_pwd,
1295 qmp.Execute("set_password", arguments)
1296 except EnvironmentError, err:
1297 raise errors.HypervisorError("Failed to open SPICE password file %s: %s"
1298 % (spice_password_file, err))
1300 for filename in temp_files:
1301 utils.RemoveFile(filename)
1303 def StartInstance(self, instance, block_devices, startup_paused):
1304 """Start an instance.
1307 self._CheckDown(instance.name)
1308 kvm_runtime = self._GenerateKVMRuntime(instance, block_devices,
1310 self._SaveKVMRuntime(instance, kvm_runtime)
1311 self._ExecuteKVMRuntime(instance, kvm_runtime)
1313 def _CallMonitorCommand(self, instance_name, command):
1314 """Invoke a command on the instance monitor.
1317 socat = ("echo %s | %s STDIO UNIX-CONNECT:%s" %
1318 (utils.ShellQuote(command),
1319 constants.SOCAT_PATH,
1320 utils.ShellQuote(self._InstanceMonitor(instance_name))))
1321 result = utils.RunCmd(socat)
1323 msg = ("Failed to send command '%s' to instance %s."
1324 " output: %s, error: %s, fail_reason: %s" %
1325 (command, instance_name,
1326 result.stdout, result.stderr, result.fail_reason))
1327 raise errors.HypervisorError(msg)
1332 def _GetKVMVersion(cls):
1333 """Return the installed KVM version.
1335 @return: (version, v_maj, v_min, v_rev)
1336 @raise L{errors.HypervisorError}: when the KVM version cannot be retrieved
1339 result = utils.RunCmd([constants.KVM_PATH, "--help"])
1341 raise errors.HypervisorError("Unable to get KVM version")
1342 match = cls._VERSION_RE.search(result.output.splitlines()[0])
1344 raise errors.HypervisorError("Unable to get KVM version")
1346 return (match.group(0), int(match.group(1)), int(match.group(2)),
1347 int(match.group(3)))
1349 def StopInstance(self, instance, force=False, retry=False, name=None):
1350 """Stop an instance.
1353 if name is not None and not force:
1354 raise errors.HypervisorError("Cannot shutdown cleanly by name only")
1356 name = instance.name
1357 acpi = instance.hvparams[constants.HV_ACPI]
1360 _, pid, alive = self._InstancePidAlive(name)
1361 if pid > 0 and alive:
1362 if force or not acpi:
1363 utils.KillProcess(pid)
1365 self._CallMonitorCommand(name, "system_powerdown")
1367 def CleanupInstance(self, instance_name):
1368 """Cleanup after a stopped instance
1371 pidfile, pid, alive = self._InstancePidAlive(instance_name)
1372 if pid > 0 and alive:
1373 raise errors.HypervisorError("Cannot cleanup a live instance")
1374 self._RemoveInstanceRuntimeFiles(pidfile, instance_name)
1376 def RebootInstance(self, instance):
1377 """Reboot an instance.
1380 # For some reason if we do a 'send-key ctrl-alt-delete' to the control
1381 # socket the instance will stop, but now power up again. So we'll resort
1382 # to shutdown and restart.
1383 _, _, alive = self._InstancePidAlive(instance.name)
1385 raise errors.HypervisorError("Failed to reboot instance %s:"
1386 " not running" % instance.name)
1387 # StopInstance will delete the saved KVM runtime so:
1388 # ...first load it...
1389 kvm_runtime = self._LoadKVMRuntime(instance)
1390 # ...now we can safely call StopInstance...
1391 if not self.StopInstance(instance):
1392 self.StopInstance(instance, force=True)
1393 # ...and finally we can save it again, and execute it...
1394 self._SaveKVMRuntime(instance, kvm_runtime)
1395 self._ExecuteKVMRuntime(instance, kvm_runtime)
1397 def MigrationInfo(self, instance):
1398 """Get instance information to perform a migration.
1400 @type instance: L{objects.Instance}
1401 @param instance: instance to be migrated
1403 @return: content of the KVM runtime file
1406 return self._ReadKVMRuntime(instance.name)
1408 def AcceptInstance(self, instance, info, target):
1409 """Prepare to accept an instance.
1411 @type instance: L{objects.Instance}
1412 @param instance: instance to be accepted
1414 @param info: content of the KVM runtime file on the source node
1415 @type target: string
1416 @param target: target host (usually ip), on this node
1419 kvm_runtime = self._LoadKVMRuntime(instance, serialized_runtime=info)
1420 incoming_address = (target, instance.hvparams[constants.HV_MIGRATION_PORT])
1421 self._ExecuteKVMRuntime(instance, kvm_runtime, incoming=incoming_address)
1423 def FinalizeMigration(self, instance, info, success):
1424 """Finalize an instance migration.
1426 Stop the incoming mode KVM.
1428 @type instance: L{objects.Instance}
1429 @param instance: instance whose migration is being finalized
1433 kvm_runtime = self._LoadKVMRuntime(instance, serialized_runtime=info)
1434 kvm_nics = kvm_runtime[1]
1436 for nic_seq, nic in enumerate(kvm_nics):
1437 if nic.nicparams[constants.NIC_MODE] == constants.NIC_MODE_BRIDGED:
1438 # Bridged interfaces have already been configured
1441 tap = utils.ReadFile(self._InstanceNICFile(instance.name, nic_seq))
1442 except EnvironmentError, err:
1443 logging.warning("Failed to find host interface for %s NIC #%d: %s",
1444 instance.name, nic_seq, str(err))
1447 self._ConfigureNIC(instance, nic_seq, nic, tap)
1448 except errors.HypervisorError, err:
1449 logging.warning(str(err))
1451 self._WriteKVMRuntime(instance.name, info)
1453 self.StopInstance(instance, force=True)
1455 def MigrateInstance(self, instance, target, live):
1456 """Migrate an instance to a target node.
1458 The migration will not be attempted if the instance is not
1461 @type instance: L{objects.Instance}
1462 @param instance: the instance to be migrated
1463 @type target: string
1464 @param target: ip address of the target node
1466 @param live: perform a live migration
1469 instance_name = instance.name
1470 port = instance.hvparams[constants.HV_MIGRATION_PORT]
1471 pidfile, pid, alive = self._InstancePidAlive(instance_name)
1473 raise errors.HypervisorError("Instance not running, cannot migrate")
1476 self._CallMonitorCommand(instance_name, "stop")
1478 migrate_command = ("migrate_set_speed %dm" %
1479 instance.hvparams[constants.HV_MIGRATION_BANDWIDTH])
1480 self._CallMonitorCommand(instance_name, migrate_command)
1482 migrate_command = ("migrate_set_downtime %dms" %
1483 instance.hvparams[constants.HV_MIGRATION_DOWNTIME])
1484 self._CallMonitorCommand(instance_name, migrate_command)
1486 migrate_command = "migrate -d tcp:%s:%s" % (target, port)
1487 self._CallMonitorCommand(instance_name, migrate_command)
1489 info_command = "info migrate"
1493 result = self._CallMonitorCommand(instance_name, info_command)
1494 match = self._MIGRATION_STATUS_RE.search(result.stdout)
1497 if not result.stdout:
1498 logging.info("KVM: empty 'info migrate' result")
1500 logging.warning("KVM: unknown 'info migrate' result: %s",
1502 time.sleep(self._MIGRATION_INFO_RETRY_DELAY)
1504 status = match.group(1)
1505 if status == "completed":
1507 elif status == "active":
1508 # reset the broken answers count
1510 time.sleep(self._MIGRATION_INFO_RETRY_DELAY)
1511 elif status == "failed" or status == "cancelled":
1513 self._CallMonitorCommand(instance_name, 'cont')
1514 raise errors.HypervisorError("Migration %s at the kvm level" %
1517 logging.warning("KVM: unknown migration status '%s'", status)
1519 time.sleep(self._MIGRATION_INFO_RETRY_DELAY)
1520 if broken_answers >= self._MIGRATION_INFO_MAX_BAD_ANSWERS:
1521 raise errors.HypervisorError("Too many 'info migrate' broken answers")
1523 utils.KillProcess(pid)
1524 self._RemoveInstanceRuntimeFiles(pidfile, instance_name)
1526 def GetNodeInfo(self):
1527 """Return information about the node.
1529 This is just a wrapper over the base GetLinuxNodeInfo method.
1531 @return: a dict with the following keys (values in MiB):
1532 - memory_total: the total memory size on the node
1533 - memory_free: the available memory on the node for instances
1534 - memory_dom0: the memory used by the node itself, if available
1537 return self.GetLinuxNodeInfo()
1540 def GetInstanceConsole(cls, instance, hvparams, beparams):
1541 """Return a command for connecting to the console of an instance.
1544 if hvparams[constants.HV_SERIAL_CONSOLE]:
1545 cmd = [constants.KVM_CONSOLE_WRAPPER,
1546 constants.SOCAT_PATH, utils.ShellQuote(instance.name),
1547 utils.ShellQuote(cls._InstanceMonitor(instance.name)),
1548 "STDIO,%s" % cls._SocatUnixConsoleParams(),
1549 "UNIX-CONNECT:%s" % cls._InstanceSerial(instance.name)]
1550 return objects.InstanceConsole(instance=instance.name,
1551 kind=constants.CONS_SSH,
1552 host=instance.primary_node,
1553 user=constants.GANETI_RUNAS,
1556 vnc_bind_address = hvparams[constants.HV_VNC_BIND_ADDRESS]
1557 if vnc_bind_address and instance.network_port > constants.VNC_BASE_PORT:
1558 display = instance.network_port - constants.VNC_BASE_PORT
1559 return objects.InstanceConsole(instance=instance.name,
1560 kind=constants.CONS_VNC,
1561 host=vnc_bind_address,
1562 port=instance.network_port,
1565 spice_bind = hvparams[constants.HV_KVM_SPICE_BIND]
1567 return objects.InstanceConsole(instance=instance.name,
1568 kind=constants.CONS_SPICE,
1570 port=instance.network_port)
1572 return objects.InstanceConsole(instance=instance.name,
1573 kind=constants.CONS_MESSAGE,
1574 message=("No serial shell for instance %s" %
1578 """Verify the hypervisor.
1580 Check that the binary exists.
1583 if not os.path.exists(constants.KVM_PATH):
1584 return "The kvm binary ('%s') does not exist." % constants.KVM_PATH
1585 if not os.path.exists(constants.SOCAT_PATH):
1586 return "The socat binary ('%s') does not exist." % constants.SOCAT_PATH
1589 def CheckParameterSyntax(cls, hvparams):
1590 """Check the given parameters for validity.
1592 @type hvparams: dict
1593 @param hvparams: dictionary with parameter names/value
1594 @raise errors.HypervisorError: when a parameter is not valid
1597 super(KVMHypervisor, cls).CheckParameterSyntax(hvparams)
1599 kernel_path = hvparams[constants.HV_KERNEL_PATH]
1601 if not hvparams[constants.HV_ROOT_PATH]:
1602 raise errors.HypervisorError("Need a root partition for the instance,"
1603 " if a kernel is defined")
1605 if (hvparams[constants.HV_VNC_X509_VERIFY] and
1606 not hvparams[constants.HV_VNC_X509]):
1607 raise errors.HypervisorError("%s must be defined, if %s is" %
1608 (constants.HV_VNC_X509,
1609 constants.HV_VNC_X509_VERIFY))
1611 boot_order = hvparams[constants.HV_BOOT_ORDER]
1612 if (boot_order == constants.HT_BO_CDROM and
1613 not hvparams[constants.HV_CDROM_IMAGE_PATH]):
1614 raise errors.HypervisorError("Cannot boot from cdrom without an"
1617 security_model = hvparams[constants.HV_SECURITY_MODEL]
1618 if security_model == constants.HT_SM_USER:
1619 if not hvparams[constants.HV_SECURITY_DOMAIN]:
1620 raise errors.HypervisorError("A security domain (user to run kvm as)"
1621 " must be specified")
1622 elif (security_model == constants.HT_SM_NONE or
1623 security_model == constants.HT_SM_POOL):
1624 if hvparams[constants.HV_SECURITY_DOMAIN]:
1625 raise errors.HypervisorError("Cannot have a security domain when the"
1626 " security model is 'none' or 'pool'")
1628 spice_bind = hvparams[constants.HV_KVM_SPICE_BIND]
1629 spice_ip_version = hvparams[constants.HV_KVM_SPICE_IP_VERSION]
1631 if spice_ip_version != constants.IFACE_NO_IP_VERSION_SPECIFIED:
1632 # if an IP version is specified, the spice_bind parameter must be an
1634 if (netutils.IP4Address.IsValid(spice_bind) and
1635 spice_ip_version != constants.IP4_VERSION):
1636 raise errors.HypervisorError("spice: got an IPv4 address (%s), but"
1637 " the specified IP version is %s" %
1638 (spice_bind, spice_ip_version))
1640 if (netutils.IP6Address.IsValid(spice_bind) and
1641 spice_ip_version != constants.IP6_VERSION):
1642 raise errors.HypervisorError("spice: got an IPv6 address (%s), but"
1643 " the specified IP version is %s" %
1644 (spice_bind, spice_ip_version))
1646 # All the other SPICE parameters depend on spice_bind being set. Raise an
1647 # error if any of them is set without it.
1648 spice_additional_params = frozenset([
1649 constants.HV_KVM_SPICE_IP_VERSION,
1650 constants.HV_KVM_SPICE_PASSWORD_FILE,
1651 constants.HV_KVM_SPICE_LOSSLESS_IMG_COMPR,
1652 constants.HV_KVM_SPICE_JPEG_IMG_COMPR,
1653 constants.HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR,
1654 constants.HV_KVM_SPICE_STREAMING_VIDEO_DETECTION,
1656 for param in spice_additional_params:
1658 raise errors.HypervisorError("spice: %s requires %s to be set" %
1659 (param, constants.HV_KVM_SPICE_BIND))
1662 def ValidateParameters(cls, hvparams):
1663 """Check the given parameters for validity.
1665 @type hvparams: dict
1666 @param hvparams: dictionary with parameter names/value
1667 @raise errors.HypervisorError: when a parameter is not valid
1670 super(KVMHypervisor, cls).ValidateParameters(hvparams)
1672 security_model = hvparams[constants.HV_SECURITY_MODEL]
1673 if security_model == constants.HT_SM_USER:
1674 username = hvparams[constants.HV_SECURITY_DOMAIN]
1676 pwd.getpwnam(username)
1678 raise errors.HypervisorError("Unknown security domain user %s"
1681 spice_bind = hvparams[constants.HV_KVM_SPICE_BIND]
1683 # only one of VNC and SPICE can be used currently.
1684 if hvparams[constants.HV_VNC_BIND_ADDRESS]:
1685 raise errors.HypervisorError("both SPICE and VNC are configured, but"
1686 " only one of them can be used at a"
1689 # KVM version should be >= 0.14.0
1690 _, v_major, v_min, _ = cls._GetKVMVersion()
1691 if (v_major, v_min) < (0, 14):
1692 raise errors.HypervisorError("spice is configured, but it is not"
1693 " available in versions of KVM < 0.14")
1695 # if spice_bind is not an IP address, it must be a valid interface
1696 bound_to_addr = (netutils.IP4Address.IsValid(spice_bind)
1697 or netutils.IP6Address.IsValid(spice_bind))
1698 if not bound_to_addr and not netutils.IsValidInterface(spice_bind):
1699 raise errors.HypervisorError("spice: the %s parameter must be either"
1700 " a valid IP address or interface name" %
1701 constants.HV_KVM_SPICE_BIND)
1704 def PowercycleNode(cls):
1705 """KVM powercycle, just a wrapper over Linux powercycle.
1708 cls.LinuxPowercycle()