Synnefo » snf-ganeti

#

#

# Copyright (C) 2008, 2009, 2010, 2011, 2012, 2013, 2014 Google Inc.

# All rights reserved.

#

# Redistribution and use in source and binary forms, with or without

# modification, are permitted provided that the following conditions are

# met:

#

# 1. Redistributions of source code must retain the above copyright notice,

# this list of conditions and the following disclaimer.

#

# 2. Redistributions in binary form must reproduce the above copyright

# notice, this list of conditions and the following disclaimer in the

# documentation and/or other materials provided with the distribution.

#

# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED

# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR

# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

"""KVM hypervisor

"""

import errno

import os

import os.path

import re

import tempfile

import time

import logging

import pwd

import shutil

import urllib2

import socket

import stat

import StringIO

from bitarray import bitarray

try:

  import affinity   # pylint: disable=F0401

except ImportError:

  affinity = None

try:

  import fdsend   # pylint: disable=F0401

except ImportError:

  fdsend = None

from ganeti import utils

from ganeti import constants

from ganeti import errors

from ganeti import serializer

from ganeti import objects

from ganeti import uidpool

from ganeti import ssconf

from ganeti import netutils

from ganeti import pathutils

from ganeti.hypervisor import hv_base

from ganeti.utils import wrapper as utils_wrapper

from ganeti.hypervisor.hv_kvm.monitor import QmpConnection, QmpMessage, \

                                             MonitorSocket

from ganeti.hypervisor.hv_kvm.netdev import OpenTap

_KVM_NETWORK_SCRIPT = pathutils.CONF_DIR + "/kvm-ifup-custom"

_KVM_START_PAUSED_FLAG = "-S"

#: SPICE parameters which depend on L{constants.HV_KVM_SPICE_BIND}

_SPICE_ADDITIONAL_PARAMS = frozenset([

  constants.HV_KVM_SPICE_IP_VERSION,

  constants.HV_KVM_SPICE_PASSWORD_FILE,

  constants.HV_KVM_SPICE_LOSSLESS_IMG_COMPR,

  constants.HV_KVM_SPICE_JPEG_IMG_COMPR,

  constants.HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR,

  constants.HV_KVM_SPICE_STREAMING_VIDEO_DETECTION,

  constants.HV_KVM_SPICE_USE_TLS,

  ])

# below constants show the format of runtime file

# the nics are in second possition, while the disks in 4th (last)

# moreover disk entries are stored as a list of in tuples

# (L{objects.Disk}, link_name, uri)

_KVM_NICS_RUNTIME_INDEX = 1

_KVM_DISKS_RUNTIME_INDEX = 3

_DEVICE_RUNTIME_INDEX = {

  constants.HOTPLUG_TARGET_DISK: _KVM_DISKS_RUNTIME_INDEX,

  constants.HOTPLUG_TARGET_NIC: _KVM_NICS_RUNTIME_INDEX

  }

_FIND_RUNTIME_ENTRY = {

  constants.HOTPLUG_TARGET_NIC:

    lambda nic, kvm_nics: [n for n in kvm_nics if n.uuid == nic.uuid],

  constants.HOTPLUG_TARGET_DISK:

    lambda disk, kvm_disks: [(d, l, u) for (d, l, u) in kvm_disks

                             if d.uuid == disk.uuid]

  }

_RUNTIME_DEVICE = {

  constants.HOTPLUG_TARGET_NIC: lambda d: d,

  constants.HOTPLUG_TARGET_DISK: lambda (d, e, _): d

  }

_RUNTIME_ENTRY = {

  constants.HOTPLUG_TARGET_NIC: lambda d, e: d,

  constants.HOTPLUG_TARGET_DISK: lambda d, e: (d, e[0], e[1])

  }

_MIGRATION_CAPS_DELIM = ":"

def _with_qmp(fn):

  """Wrapper used on hotplug related methods"""

  def wrapper(self, instance, *args, **kwargs):

    """Create a QmpConnection and run the wrapped method"""

    if not getattr(self, "qmp", None):

      filename = self._InstanceQmpMonitor(instance.name)# pylint: disable=W0212

      self.qmp = QmpConnection(filename)

    return fn(self, instance, *args, **kwargs)

  return wrapper

def _GetDriveURI(disk, link, uri):

  """Helper function to get the drive uri to be used in --drive kvm option

  Invoked during startup and disk hot-add. In latter case and if no userspace

  access mode is used it will be overriden with /dev/fdset/<fdset-id> (see

  HotAddDisk() and AddFd() of QmpConnection).

  @type disk: L{objects.Disk}

  @param disk: A disk configuration object

  @type link: string

  @param link: The device link as returned by _SymlinkBlockDev()

  @type uri: string

  @param uri: The drive uri as returned by _CalculateDeviceURI()

  @return: The drive uri to use in kvm option

  """

  access_mode = disk.params.get(constants.LDP_ACCESS,

                                constants.DISK_KERNELSPACE)

  # If uri is available, use it during startup/hot-add

  if (uri and access_mode == constants.DISK_USERSPACE):

    drive_uri = uri

  # Otherwise use the link previously created

  else:

    drive_uri = link

  return drive_uri

def _GenerateDeviceKVMId(dev_type, dev):

  """Helper function to generate a unique device name used by KVM

  QEMU monitor commands use names to identify devices. Here we use their pci

  slot and a part of their UUID to name them. dev.pci might be None for old

  devices in the cluster.

  @type dev_type: sting

  @param dev_type: device type of param dev

  @type dev: L{objects.Disk} or L{objects.NIC}

  @param dev: the device object for which we generate a kvm name

  @raise errors.HotplugError: in case a device has no pci slot (old devices)

  """

  if not dev.pci:

    raise errors.HotplugError("Hotplug is not supported for %s with UUID %s" %

                              (dev_type, dev.uuid))

  return "%s-%s-pci-%d" % (dev_type.lower(), dev.uuid.split("-")[0], dev.pci)

def _GetExistingDeviceInfo(dev_type, device, runtime):

  """Helper function to get an existing device inside the runtime file

  Used when an instance is running. Load kvm runtime file and search

  for a device based on its type and uuid.

  @type dev_type: sting

  @param dev_type: device type of param dev

  @type device: L{objects.Disk} or L{objects.NIC}

  @param device: the device object for which we generate a kvm name

  @type runtime: tuple (cmd, nics, hvparams, disks)

  @param runtime: the runtime data to search for the device

  @raise errors.HotplugError: in case the requested device does not

    exist (e.g. device has been added without --hotplug option) or

    device info has not pci slot (e.g. old devices in the cluster)

  """

  index = _DEVICE_RUNTIME_INDEX[dev_type]

  found = _FIND_RUNTIME_ENTRY[dev_type](device, runtime[index])

  if not found:

    raise errors.HotplugError("Cannot find runtime info for %s with UUID %s" %

                              (dev_type, device.uuid))

  return found[0]

def _UpgradeSerializedRuntime(serialized_runtime):

  """Upgrade runtime data

  Remove any deprecated fields or change the format of the data.

  The runtime files are not upgraded when Ganeti is upgraded, so the required

  modification have to be performed here.

  @type serialized_runtime: string

  @param serialized_runtime: raw text data read from actual runtime file

  @return: (cmd, nic dicts, hvparams, bdev dicts)

  @rtype: tuple

  """

  loaded_runtime = serializer.Load(serialized_runtime)

  kvm_cmd, serialized_nics, hvparams = loaded_runtime[:3]

  if len(loaded_runtime) >= 4:

    serialized_disks = loaded_runtime[3]

  else:

    serialized_disks = []

  for nic in serialized_nics:

    # Add a dummy uuid slot if an pre-2.8 NIC is found

    if "uuid" not in nic:

      nic["uuid"] = utils.NewUUID()

  return kvm_cmd, serialized_nics, hvparams, serialized_disks

def _AnalyzeSerializedRuntime(serialized_runtime):

  """Return runtime entries for a serialized runtime file

  @type serialized_runtime: string

  @param serialized_runtime: raw text data read from actual runtime file

  @return: (cmd, nics, hvparams, bdevs)

  @rtype: tuple

  """

  kvm_cmd, serialized_nics, hvparams, serialized_disks = \

    _UpgradeSerializedRuntime(serialized_runtime)

  kvm_nics = [objects.NIC.FromDict(snic) for snic in serialized_nics]

  kvm_disks = [(objects.Disk.FromDict(sdisk), link, uri)

               for sdisk, link, uri in serialized_disks]

  return (kvm_cmd, kvm_nics, hvparams, kvm_disks)

class HeadRequest(urllib2.Request):

  def get_method(self):

    return "HEAD"

def _CheckUrl(url):

  """Check if a given URL exists on the server

  """

  try:

    urllib2.urlopen(HeadRequest(url))

    return True

  except urllib2.URLError:

    return False

class KVMHypervisor(hv_base.BaseHypervisor):

  """KVM hypervisor interface

  """

  CAN_MIGRATE = True

  _ROOT_DIR = pathutils.RUN_DIR + "/kvm-hypervisor"

  _PIDS_DIR = _ROOT_DIR + "/pid" # contains live instances pids

  _UIDS_DIR = _ROOT_DIR + "/uid" # contains instances reserved uids

  _CTRL_DIR = _ROOT_DIR + "/ctrl" # contains instances control sockets

  _CONF_DIR = _ROOT_DIR + "/conf" # contains instances startup data

  _NICS_DIR = _ROOT_DIR + "/nic" # contains instances nic <-> tap associations

  _KEYMAP_DIR = _ROOT_DIR + "/keymap" # contains instances keymaps

  # KVM instances with chroot enabled are started in empty chroot directories.

  _CHROOT_DIR = _ROOT_DIR + "/chroot" # for empty chroot directories

  # After an instance is stopped, its chroot directory is removed.

  # If the chroot directory is not empty, it can't be removed.

  # A non-empty chroot directory indicates a possible security incident.

  # To support forensics, the non-empty chroot directory is quarantined in

  # a separate directory, called 'chroot-quarantine'.

  _CHROOT_QUARANTINE_DIR = _ROOT_DIR + "/chroot-quarantine"

  _DIRS = [_ROOT_DIR, _PIDS_DIR, _UIDS_DIR, _CTRL_DIR, _CONF_DIR, _NICS_DIR,

           _CHROOT_DIR, _CHROOT_QUARANTINE_DIR, _KEYMAP_DIR]

  PARAMETERS = {

    constants.HV_KVM_PATH: hv_base.REQ_FILE_CHECK,

    constants.HV_KERNEL_PATH: hv_base.OPT_FILE_CHECK,

    constants.HV_INITRD_PATH: hv_base.OPT_FILE_CHECK,

    constants.HV_ROOT_PATH: hv_base.NO_CHECK,

    constants.HV_KERNEL_ARGS: hv_base.NO_CHECK,

    constants.HV_ACPI: hv_base.NO_CHECK,

    constants.HV_SERIAL_CONSOLE: hv_base.NO_CHECK,

    constants.HV_SERIAL_SPEED: hv_base.NO_CHECK,

    constants.HV_VNC_BIND_ADDRESS: hv_base.NO_CHECK, # will be checked later

    constants.HV_VNC_TLS: hv_base.NO_CHECK,

    constants.HV_VNC_X509: hv_base.OPT_DIR_CHECK,

    constants.HV_VNC_X509_VERIFY: hv_base.NO_CHECK,

    constants.HV_VNC_PASSWORD_FILE: hv_base.OPT_FILE_CHECK,

    constants.HV_KVM_SPICE_BIND: hv_base.NO_CHECK, # will be checked later

    constants.HV_KVM_SPICE_IP_VERSION:

      (False, lambda x: (x == constants.IFACE_NO_IP_VERSION_SPECIFIED or

                         x in constants.VALID_IP_VERSIONS),

       "The SPICE IP version should be 4 or 6",

       None, None),

    constants.HV_KVM_SPICE_PASSWORD_FILE: hv_base.OPT_FILE_CHECK,

    constants.HV_KVM_SPICE_LOSSLESS_IMG_COMPR:

      hv_base.ParamInSet(

        False, constants.HT_KVM_SPICE_VALID_LOSSLESS_IMG_COMPR_OPTIONS),

    constants.HV_KVM_SPICE_JPEG_IMG_COMPR:

      hv_base.ParamInSet(

        False, constants.HT_KVM_SPICE_VALID_LOSSY_IMG_COMPR_OPTIONS),

    constants.HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR:

      hv_base.ParamInSet(

        False, constants.HT_KVM_SPICE_VALID_LOSSY_IMG_COMPR_OPTIONS),

    constants.HV_KVM_SPICE_STREAMING_VIDEO_DETECTION:

      hv_base.ParamInSet(

        False, constants.HT_KVM_SPICE_VALID_VIDEO_STREAM_DETECTION_OPTIONS),

    constants.HV_KVM_SPICE_AUDIO_COMPR: hv_base.NO_CHECK,

    constants.HV_KVM_SPICE_USE_TLS: hv_base.NO_CHECK,

    constants.HV_KVM_SPICE_TLS_CIPHERS: hv_base.NO_CHECK,

    constants.HV_KVM_SPICE_USE_VDAGENT: hv_base.NO_CHECK,

    constants.HV_KVM_FLOPPY_IMAGE_PATH: hv_base.OPT_FILE_CHECK,

    constants.HV_CDROM_IMAGE_PATH: hv_base.OPT_FILE_OR_URL_CHECK,

    constants.HV_KVM_CDROM2_IMAGE_PATH: hv_base.OPT_FILE_OR_URL_CHECK,

    constants.HV_BOOT_ORDER:

      hv_base.ParamInSet(True, constants.HT_KVM_VALID_BO_TYPES),

    constants.HV_NIC_TYPE:

      hv_base.ParamInSet(True, constants.HT_KVM_VALID_NIC_TYPES),

    constants.HV_DISK_TYPE:

      hv_base.ParamInSet(True, constants.HT_KVM_VALID_DISK_TYPES),

    constants.HV_KVM_CDROM_DISK_TYPE:

      hv_base.ParamInSet(False, constants.HT_KVM_VALID_DISK_TYPES),

    constants.HV_USB_MOUSE:

      hv_base.ParamInSet(False, constants.HT_KVM_VALID_MOUSE_TYPES),

    constants.HV_KEYMAP: hv_base.NO_CHECK,

    constants.HV_MIGRATION_PORT: hv_base.REQ_NET_PORT_CHECK,

    constants.HV_MIGRATION_BANDWIDTH: hv_base.REQ_NONNEGATIVE_INT_CHECK,

    constants.HV_MIGRATION_DOWNTIME: hv_base.REQ_NONNEGATIVE_INT_CHECK,

    constants.HV_MIGRATION_MODE: hv_base.MIGRATION_MODE_CHECK,

    constants.HV_USE_LOCALTIME: hv_base.NO_CHECK,

    constants.HV_DISK_CACHE:

      hv_base.ParamInSet(True, constants.HT_VALID_CACHE_TYPES),

    constants.HV_SECURITY_MODEL:

      hv_base.ParamInSet(True, constants.HT_KVM_VALID_SM_TYPES),

    constants.HV_SECURITY_DOMAIN: hv_base.NO_CHECK,

    constants.HV_KVM_FLAG:

      hv_base.ParamInSet(False, constants.HT_KVM_FLAG_VALUES),

    constants.HV_VHOST_NET: hv_base.NO_CHECK,

    constants.HV_VIRTIO_NET_QUEUES: hv_base.OPT_VIRTIO_NET_QUEUES_CHECK,

    constants.HV_KVM_USE_CHROOT: hv_base.NO_CHECK,

    constants.HV_MEM_PATH: hv_base.OPT_DIR_CHECK,

    constants.HV_REBOOT_BEHAVIOR:

      hv_base.ParamInSet(True, constants.REBOOT_BEHAVIORS),

    constants.HV_CPU_MASK: hv_base.OPT_MULTI_CPU_MASK_CHECK,

    constants.HV_CPU_TYPE: hv_base.NO_CHECK,

    constants.HV_CPU_CORES: hv_base.OPT_NONNEGATIVE_INT_CHECK,

    constants.HV_CPU_THREADS: hv_base.OPT_NONNEGATIVE_INT_CHECK,

    constants.HV_CPU_SOCKETS: hv_base.OPT_NONNEGATIVE_INT_CHECK,

    constants.HV_SOUNDHW: hv_base.NO_CHECK,

    constants.HV_USB_DEVICES: hv_base.NO_CHECK,

    constants.HV_VGA: hv_base.NO_CHECK,

    constants.HV_KVM_EXTRA: hv_base.NO_CHECK,

    constants.HV_KVM_MACHINE_VERSION: hv_base.NO_CHECK,

    constants.HV_KVM_MIGRATION_CAPS: hv_base.NO_CHECK,

    constants.HV_VNET_HDR: hv_base.NO_CHECK,

    }

  _VIRTIO = "virtio"

  _VIRTIO_NET_PCI = "virtio-net-pci"

  _VIRTIO_BLK_PCI = "virtio-blk-pci"

  _MIGRATION_STATUS_RE = re.compile(r"Migration\s+status:\s+(\w+)",

                                    re.M | re.I)

  _MIGRATION_PROGRESS_RE = \

    re.compile(r"\s*transferred\s+ram:\s+(?P<transferred>\d+)\s+kbytes\s*\n"

               r"\s*remaining\s+ram:\s+(?P<remaining>\d+)\s+kbytes\s*\n"

               r"\s*total\s+ram:\s+(?P<total>\d+)\s+kbytes\s*\n", re.I)

  _MIGRATION_INFO_MAX_BAD_ANSWERS = 5

  _MIGRATION_INFO_RETRY_DELAY = 2

  _VERSION_RE = re.compile(r"\b(\d+)\.(\d+)(\.(\d+))?\b")

  _CPU_INFO_RE = re.compile(r"cpu\s+\#(\d+).*thread_id\s*=\s*(\d+)", re.I)

  _CPU_INFO_CMD = "info cpus"

  _CONT_CMD = "cont"

  _DEFAULT_MACHINE_VERSION_RE = re.compile(r"^(\S+).*\(default\)", re.M)

  _CHECK_MACHINE_VERSION_RE = \

    staticmethod(lambda x: re.compile(r"^(%s)[ ]+.*PC" % x, re.M))

  _QMP_RE = re.compile(r"^-qmp\s", re.M)

  _SPICE_RE = re.compile(r"^-spice\s", re.M)

  _VHOST_RE = re.compile(r"^-net\s.*,vhost=on|off", re.M)

  _VIRTIO_NET_QUEUES_RE = re.compile(r"^-net\s.*,fds=x:y:...:z", re.M)

  _ENABLE_KVM_RE = re.compile(r"^-enable-kvm\s", re.M)

  _DISABLE_KVM_RE = re.compile(r"^-disable-kvm\s", re.M)

  _NETDEV_RE = re.compile(r"^-netdev\s", re.M)

  _DISPLAY_RE = re.compile(r"^-display\s", re.M)

  _MACHINE_RE = re.compile(r"^-machine\s", re.M)

  _VIRTIO_NET_RE = re.compile(r"^name \"%s\"" % _VIRTIO_NET_PCI, re.M)

  _VIRTIO_BLK_RE = re.compile(r"^name \"%s\"" % _VIRTIO_BLK_PCI, re.M)

  # match  -drive.*boot=on|off on different lines, but in between accept only

  # dashes not preceeded by a new line (which would mean another option

  # different than -drive is starting)

  _BOOT_RE = re.compile(r"^-drive\s([^-]|(?<!^)-)*,boot=on\|off", re.M | re.S)

  _UUID_RE = re.compile(r"^-uuid\s", re.M)

  _INFO_VERSION_RE = \

    re.compile(r'^QEMU (\d+)\.(\d+)(\.(\d+))?.*monitor.*', re.M)

  _INFO_VERSION_CMD = "info version"

  # Slot 0 for Host bridge, Slot 1 for ISA bridge, Slot 2 for VGA controller

  _DEFAULT_PCI_RESERVATIONS = "11100000000000000000000000000000"

  _SOUNDHW_WITH_PCI_SLOT = ["ac97", "es1370", "hda"]

  ANCILLARY_FILES = [

    _KVM_NETWORK_SCRIPT,

    ]

  ANCILLARY_FILES_OPT = [

    _KVM_NETWORK_SCRIPT,

    ]

  # Supported kvm options to get output from

  _KVMOPT_HELP = "help"

  _KVMOPT_MLIST = "mlist"

  _KVMOPT_DEVICELIST = "devicelist"

  # Command to execute to get the output from kvm, and whether to

  # accept the output even on failure.

  _KVMOPTS_CMDS = {

    _KVMOPT_HELP: (["--help"], False),

    _KVMOPT_MLIST: (["-M", "?"], False),

    _KVMOPT_DEVICELIST: (["-device", "?"], True),

  }

  def __init__(self):

    hv_base.BaseHypervisor.__init__(self)

    # Let's make sure the directories we need exist, even if the RUN_DIR lives

    # in a tmpfs filesystem or has been otherwise wiped out.

    dirs = [(dname, constants.RUN_DIRS_MODE) for dname in self._DIRS]

    utils.EnsureDirs(dirs)

    self.qmp = None

  @classmethod

  def _InstancePidFile(cls, instance_name):

    """Returns the instance pidfile.

    """

    return utils.PathJoin(cls._PIDS_DIR, instance_name)

  @classmethod

  def _InstanceUidFile(cls, instance_name):

    """Returns the instance uidfile.

    """

    return utils.PathJoin(cls._UIDS_DIR, instance_name)

  @classmethod

  def _InstancePidInfo(cls, pid):

    """Check pid file for instance information.

    Check that a pid file is associated with an instance, and retrieve

    information from its command line.

    @type pid: string or int

    @param pid: process id of the instance to check

    @rtype: tuple

    @return: (instance_name, memory, vcpus)

    @raise errors.HypervisorError: when an instance cannot be found

    """

    alive = utils.IsProcessAlive(pid)

    if not alive:

      raise errors.HypervisorError("Cannot get info for pid %s" % pid)

    cmdline_file = utils.PathJoin("/proc", str(pid), "cmdline")

    try:

      cmdline = utils.ReadFile(cmdline_file)

    except EnvironmentError, err:

      raise errors.HypervisorError("Can't open cmdline file for pid %s: %s" %

                                   (pid, err))

    instance = None

    memory = 0

    vcpus = 0

    arg_list = cmdline.split("\x00")

    while arg_list:

      arg = arg_list.pop(0)

      if arg == "-name":

        instance = arg_list.pop(0)

      elif arg == "-m":

        memory = int(arg_list.pop(0))

      elif arg == "-smp":

        vcpus = int(arg_list.pop(0).split(",")[0])

    if instance is None:

      raise errors.HypervisorError("Pid %s doesn't contain a ganeti kvm"

                                   " instance" % pid)

    return (instance, memory, vcpus)

  @classmethod

  def _InstancePidAlive(cls, instance_name):

    """Returns the instance pidfile, pid, and liveness.

    @type instance_name: string

    @param instance_name: instance name

    @rtype: tuple

    @return: (pid file name, pid, liveness)

    """

    pidfile = cls._InstancePidFile(instance_name)

    pid = utils.ReadPidFile(pidfile)

    alive = False

    try:

      cmd_instance = cls._InstancePidInfo(pid)[0]

      alive = (cmd_instance == instance_name)

    except errors.HypervisorError:

      pass

    return (pidfile, pid, alive)

  @classmethod

  def _CheckDown(cls, instance_name):

    """Raises an error unless the given instance is down.

    """

    alive = cls._InstancePidAlive(instance_name)[2]

    if alive:

      raise errors.HypervisorError("Failed to start instance %s: %s" %

                                   (instance_name, "already running"))

  @classmethod

  def _InstanceMonitor(cls, instance_name):

    """Returns the instance monitor socket name

    """

    return utils.PathJoin(cls._CTRL_DIR, "%s.monitor" % instance_name)

  @classmethod

  def _InstanceSerial(cls, instance_name):

    """Returns the instance serial socket name

    """

    return utils.PathJoin(cls._CTRL_DIR, "%s.serial" % instance_name)

  @classmethod

  def _InstanceQmpMonitor(cls, instance_name):

    """Returns the instance serial QMP socket name

    """

    return utils.PathJoin(cls._CTRL_DIR, "%s.qmp" % instance_name)

  @staticmethod

  def _SocatUnixConsoleParams():

    """Returns the correct parameters for socat

    If we have a new-enough socat we can use raw mode with an escape character.

    """

    if constants.SOCAT_USE_ESCAPE:

      return "raw,echo=0,escape=%s" % constants.SOCAT_ESCAPE_CODE

    else:

      return "echo=0,icanon=0"

  @classmethod

  def _InstanceKVMRuntime(cls, instance_name):

    """Returns the instance KVM runtime filename

    """

    return utils.PathJoin(cls._CONF_DIR, "%s.runtime" % instance_name)

  @classmethod

  def _InstanceChrootDir(cls, instance_name):

    """Returns the name of the KVM chroot dir of the instance

    """

    return utils.PathJoin(cls._CHROOT_DIR, instance_name)

  @classmethod

  def _InstanceNICDir(cls, instance_name):

    """Returns the name of the directory holding the tap device files for a

    given instance.

    """

    return utils.PathJoin(cls._NICS_DIR, instance_name)

  @classmethod

  def _InstanceNICFile(cls, instance_name, seq_or_uuid):

    """Returns the name of the file containing the tap device for a given NIC

    """

    return utils.PathJoin(cls._InstanceNICDir(instance_name), str(seq_or_uuid))

  @classmethod

  def _GetInstanceNICTap(cls, instance_name, nic):

    """Returns the tap for the corresponding nic

    Search for tap file named after NIC's uuid.

    For old instances without uuid indexed tap files returns nothing.

    """

    try:

      return utils.ReadFile(cls._InstanceNICFile(instance_name, nic.uuid))

    except EnvironmentError:

      pass

  @classmethod

  def _WriteInstanceNICFiles(cls, instance_name, seq, nic, tap):

    """Write tap name to both instance NIC files

    """

    for ident in [seq, nic.uuid]:

      utils.WriteFile(cls._InstanceNICFile(instance_name, ident), data=tap)

  @classmethod

  def _RemoveInstanceNICFiles(cls, instance_name, seq, nic):

    """Write tap name to both instance NIC files

    """

    for ident in [seq, nic.uuid]:

      utils.RemoveFile(cls._InstanceNICFile(instance_name, ident))

  @classmethod

  def _InstanceKeymapFile(cls, instance_name):

    """Returns the name of the file containing the keymap for a given instance

    """

    return utils.PathJoin(cls._KEYMAP_DIR, instance_name)

  @classmethod

  def _TryReadUidFile(cls, uid_file):

    """Try to read a uid file

    """

    if os.path.exists(uid_file):

      try:

        uid = int(utils.ReadOneLineFile(uid_file))

        return uid

      except EnvironmentError:

        logging.warning("Can't read uid file", exc_info=True)

      except (TypeError, ValueError):

        logging.warning("Can't parse uid file contents", exc_info=True)

    return None

  @classmethod

  def _RemoveInstanceRuntimeFiles(cls, pidfile, instance_name):

    """Removes an instance's rutime sockets/files/dirs.

    """

    utils.RemoveFile(pidfile)

    utils.RemoveFile(cls._InstanceMonitor(instance_name))

    utils.RemoveFile(cls._InstanceSerial(instance_name))

    utils.RemoveFile(cls._InstanceQmpMonitor(instance_name))

    utils.RemoveFile(cls._InstanceKVMRuntime(instance_name))

    utils.RemoveFile(cls._InstanceKeymapFile(instance_name))

    uid_file = cls._InstanceUidFile(instance_name)

    uid = cls._TryReadUidFile(uid_file)

    utils.RemoveFile(uid_file)

    if uid is not None:

      uidpool.ReleaseUid(uid)

    try:

      shutil.rmtree(cls._InstanceNICDir(instance_name))

    except OSError, err:

      if err.errno != errno.ENOENT:

        raise

    try:

      chroot_dir = cls._InstanceChrootDir(instance_name)

      utils.RemoveDir(chroot_dir)

    except OSError, err:

      if err.errno == errno.ENOTEMPTY:

        # The chroot directory is expected to be empty, but it isn't.

        new_chroot_dir = tempfile.mkdtemp(dir=cls._CHROOT_QUARANTINE_DIR,

                                          prefix="%s-%s-" %

                                          (instance_name,

                                           utils.TimestampForFilename()))

        logging.warning("The chroot directory of instance %s can not be"

                        " removed as it is not empty. Moving it to the"

                        " quarantine instead. Please investigate the"

                        " contents (%s) and clean up manually",

                        instance_name, new_chroot_dir)

        utils.RenameFile(chroot_dir, new_chroot_dir)

      else:

        raise

  @staticmethod

  def _ConfigureNIC(instance, seq, nic, tap):

    """Run the network configuration script for a specified NIC

    See L{hv_base.ConfigureNIC}.

    @param instance: instance we're acting on

    @type instance: instance object

    @param seq: nic sequence number

    @type seq: int

    @param nic: nic we're acting on

    @type nic: nic object

    @param tap: the host's tap interface this NIC corresponds to

    @type tap: str

    """

    hv_base.ConfigureNIC([pathutils.KVM_IFUP, tap], instance, seq, nic, tap)

  @staticmethod

  def _VerifyAffinityPackage():

    if affinity is None:

      raise errors.HypervisorError("affinity Python package not"

                                   " found; cannot use CPU pinning under KVM")

  @staticmethod

  def _BuildAffinityCpuMask(cpu_list):

    """Create a CPU mask suitable for sched_setaffinity from a list of

    CPUs.

    See man taskset for more info on sched_setaffinity masks.

    For example: [ 0, 2, 5, 6 ] will return 101 (0x65, 0..01100101).

    @type cpu_list: list of int

    @param cpu_list: list of physical CPU numbers to map to vCPUs in order

    @rtype: int

    @return: a bit mask of CPU affinities

    """

    if cpu_list == constants.CPU_PINNING_OFF:

      return constants.CPU_PINNING_ALL_KVM

    else:

      return sum(2 ** cpu for cpu in cpu_list)

  @classmethod

  def _AssignCpuAffinity(cls, cpu_mask, process_id, thread_dict):

    """Change CPU affinity for running VM according to given CPU mask.

    @param cpu_mask: CPU mask as given by the user. e.g. "0-2,4:all:1,3"

    @type cpu_mask: string

    @param process_id: process ID of KVM process. Used to pin entire VM

                       to physical CPUs.

    @type process_id: int

    @param thread_dict: map of virtual CPUs to KVM thread IDs

    @type thread_dict: dict int:int

    """

    # Convert the string CPU mask to a list of list of int's

    cpu_list = utils.ParseMultiCpuMask(cpu_mask)

    if len(cpu_list) == 1:

      all_cpu_mapping = cpu_list[0]

      if all_cpu_mapping == constants.CPU_PINNING_OFF:

        # If CPU pinning has 1 entry that's "all", then do nothing

        pass

      else:

        # If CPU pinning has one non-all entry, map the entire VM to

        # one set of physical CPUs

        cls._VerifyAffinityPackage()

        affinity.set_process_affinity_mask(

          process_id, cls._BuildAffinityCpuMask(all_cpu_mapping))

    else:

      # The number of vCPUs mapped should match the number of vCPUs

      # reported by KVM. This was already verified earlier, so

      # here only as a sanity check.

      assert len(thread_dict) == len(cpu_list)

      cls._VerifyAffinityPackage()

      # For each vCPU, map it to the proper list of physical CPUs

      for vcpu, i in zip(cpu_list, range(len(cpu_list))):

        affinity.set_process_affinity_mask(thread_dict[i],

                                           cls._BuildAffinityCpuMask(vcpu))

  def _GetVcpuThreadIds(self, instance_name):

    """Get a mapping of vCPU no. to thread IDs for the instance

    @type instance_name: string

    @param instance_name: instance in question

    @rtype: dictionary of int:int

    @return: a dictionary mapping vCPU numbers to thread IDs

    """

    result = {}

    output = self._CallMonitorCommand(instance_name, self._CPU_INFO_CMD)

    for line in output.stdout.splitlines():

      match = self._CPU_INFO_RE.search(line)

      if not match:

        continue

      grp = map(int, match.groups())

      result[grp[0]] = grp[1]

    return result

  def _ExecuteCpuAffinity(self, instance_name, cpu_mask):

    """Complete CPU pinning.

    @type instance_name: string

    @param instance_name: name of instance

    @type cpu_mask: string

    @param cpu_mask: CPU pinning mask as entered by user

    """

    # Get KVM process ID, to be used if need to pin entire VM

    _, pid, _ = self._InstancePidAlive(instance_name)

    # Get vCPU thread IDs, to be used if need to pin vCPUs separately

    thread_dict = self._GetVcpuThreadIds(instance_name)

    # Run CPU pinning, based on configured mask

    self._AssignCpuAffinity(cpu_mask, pid, thread_dict)

  def ListInstances(self, hvparams=None):

    """Get the list of running instances.

    We can do this by listing our live instances directory and

    checking whether the associated kvm process is still alive.

    """

    result = []

    for name in os.listdir(self._PIDS_DIR):

      if self._InstancePidAlive(name)[2]:

        result.append(name)

    return result

  def GetInstanceInfo(self, instance_name, hvparams=None):

    """Get instance properties.

    @type instance_name: string

    @param instance_name: the instance name

    @type hvparams: dict of strings

    @param hvparams: hvparams to be used with this instance

    @rtype: tuple of strings

    @return: (name, id, memory, vcpus, stat, times)

    """

    _, pid, alive = self._InstancePidAlive(instance_name)

    if not alive:

      return None

    _, memory, vcpus = self._InstancePidInfo(pid)

    istat = "---b-"

    times = "0"

    try:

      qmp = QmpConnection(self._InstanceQmpMonitor(instance_name))

      qmp.connect()

      vcpus = len(qmp.Execute("query-cpus"))

      # Will fail if ballooning is not enabled, but we can then just resort to

      # the value above.

      mem_bytes = qmp.Execute("query-balloon")[qmp.ACTUAL_KEY]

      memory = mem_bytes / 1048576

    except errors.HypervisorError:

      pass

    return (instance_name, pid, memory, vcpus, istat, times)

  def GetAllInstancesInfo(self, hvparams=None):

    """Get properties of all instances.

    @type hvparams: dict of strings

    @param hvparams: hypervisor parameter

    @return: list of tuples (name, id, memory, vcpus, stat, times)

    """

    data = []

    for name in os.listdir(self._PIDS_DIR):

      try:

        info = self.GetInstanceInfo(name)

      except errors.HypervisorError:

        # Ignore exceptions due to instances being shut down

        continue

      if info:

        data.append(info)

    return data

  def _GenerateKVMBlockDevicesOptions(self, instance, up_hvp, kvm_disks,

                                      kvmhelp, devlist):

    """Generate KVM options regarding instance's block devices.

    @type instance: L{objects.Instance}

    @param instance: the instance object

    @type up_hvp: dict

    @param up_hvp: the instance's runtime hypervisor parameters

    @type kvm_disks: list of tuples

    @param kvm_disks: list of tuples [(disk, link_name, uri)..]

    @type kvmhelp: string

    @param kvmhelp: output of kvm --help

    @type devlist: string

    @param devlist: output of kvm -device ?

    @rtype: list

    @return: list of command line options eventually used by kvm executable

    """

    kernel_path = up_hvp[constants.HV_KERNEL_PATH]

    if kernel_path:

      boot_disk = False

    else:

      boot_disk = up_hvp[constants.HV_BOOT_ORDER] == constants.HT_BO_DISK

    # whether this is an older KVM version that uses the boot=on flag

    # on devices

    needs_boot_flag = self._BOOT_RE.search(kvmhelp)

    dev_opts = []

    device_driver = None

    disk_type = up_hvp[constants.HV_DISK_TYPE]

    if disk_type == constants.HT_DISK_PARAVIRTUAL:

      if_val = ",if=%s" % self._VIRTIO

      try:

        if self._VIRTIO_BLK_RE.search(devlist):

          if_val = ",if=none"

          # will be passed in -device option as driver

          device_driver = self._VIRTIO_BLK_PCI

      except errors.HypervisorError, _:

        pass

    else:

      if_val = ",if=%s" % disk_type

    # Cache mode

    disk_cache = up_hvp[constants.HV_DISK_CACHE]

    if instance.disk_template in constants.DTS_EXT_MIRROR:

      if disk_cache != "none":

        # TODO: make this a hard error, instead of a silent overwrite

        logging.warning("KVM: overriding disk_cache setting '%s' with 'none'"

                        " to prevent shared storage corruption on migration",

                        disk_cache)

      cache_val = ",cache=none"

    elif disk_cache != constants.HT_CACHE_DEFAULT:

      cache_val = ",cache=%s" % disk_cache

    else:

      cache_val = ""

    for cfdev, link_name, uri in kvm_disks:

      if cfdev.mode != constants.DISK_RDWR:

        raise errors.HypervisorError("Instance has read-only disks which"

                                     " are not supported by KVM")

      # TODO: handle FD_LOOP and FD_BLKTAP (?)

      boot_val = ""

      if boot_disk:

        dev_opts.extend(["-boot", "c"])

        boot_disk = False

        if needs_boot_flag and disk_type != constants.HT_DISK_IDE:

          boot_val = ",boot=on"

      drive_uri = _GetDriveURI(cfdev, link_name, uri)

      drive_val = "file=%s,format=raw%s%s%s" % \

                  (drive_uri, if_val, boot_val, cache_val)

      if device_driver:

        # kvm_disks are the 4th entry of runtime file that did not exist in

        # the past. That means that cfdev should always have pci slot and

        # _GenerateDeviceKVMId() will not raise a exception.

        kvm_devid = _GenerateDeviceKVMId(constants.HOTPLUG_TARGET_DISK, cfdev)

        drive_val += (",id=%s" % kvm_devid)

        drive_val += (",bus=0,unit=%d" % cfdev.pci)

        dev_val = ("%s,drive=%s,id=%s" %

                   (device_driver, kvm_devid, kvm_devid))

        dev_val += ",bus=pci.0,addr=%s" % hex(cfdev.pci)

        dev_opts.extend(["-device", dev_val])

      dev_opts.extend(["-drive", drive_val])

    return dev_opts

  @staticmethod

  def _CdromOption(kvm_cmd, cdrom_disk_type, cdrom_image, cdrom_boot,

                   needs_boot_flag):

    """Extends L{kvm_cmd} with the '-drive' option for a cdrom, and

    optionally the '-boot' option.

    Example: -drive file=cdrom.iso,media=cdrom,format=raw,if=ide -boot d

    Example: -drive file=cdrom.iso,media=cdrom,format=raw,if=ide,boot=on

    Example: -drive file=http://hostname.com/cdrom.iso,media=cdrom

    @type kvm_cmd: string

    @param kvm_cmd: KVM command line

    @type cdrom_disk_type:

    @param cdrom_disk_type:

    @type cdrom_image:

    @param cdrom_image:

    @type cdrom_boot:

    @param cdrom_boot:

    @type needs_boot_flag:

    @param needs_boot_flag:

    """

    # Check that the ISO image is accessible

    # See https://bugs.launchpad.net/qemu/+bug/597575

    if utils.IsUrl(cdrom_image) and not _CheckUrl(cdrom_image):

      raise errors.HypervisorError("Cdrom ISO image '%s' is not accessible" %

                                   cdrom_image)

    # set cdrom 'media' and 'format', if needed

    if utils.IsUrl(cdrom_image):

      options = ",media=cdrom"

    else:

      options = ",media=cdrom,format=raw"

    # set cdrom 'if' type

    if cdrom_boot:

      if_val = ",if=" + constants.HT_DISK_IDE

    elif cdrom_disk_type == constants.HT_DISK_PARAVIRTUAL:

      if_val = ",if=virtio"

    else:

      if_val = ",if=" + cdrom_disk_type

    # set boot flag, if needed

    boot_val = ""

    if cdrom_boot:

      kvm_cmd.extend(["-boot", "d"])

      # whether this is an older KVM version that requires the 'boot=on' flag

      # on devices

      if needs_boot_flag:

        boot_val = ",boot=on"

    # build '-drive' option

    drive_val = "file=%s%s%s%s" % (cdrom_image, options, if_val, boot_val)

    kvm_cmd.extend(["-drive", drive_val])

  def _GenerateKVMRuntime(self, instance, block_devices, startup_paused,

                          kvmhelp):

    """Generate KVM information to start an instance.

    @type kvmhelp: string

    @param kvmhelp: output of kvm --help

    @attention: this function must not have any side-effects; for

        example, it must not write to the filesystem, or read values

        from the current system the are expected to differ between

        nodes, since it is only run once at instance startup;

        actions/kvm arguments that can vary between systems should be

        done in L{_ExecuteKVMRuntime}

    """

    # pylint: disable=R0912,R0914,R0915

    hvp = instance.hvparams

    self.ValidateParameters(hvp)

    pidfile = self._InstancePidFile(instance.name)

    kvm = hvp[constants.HV_KVM_PATH]

    kvm_cmd = [kvm]

    # used just by the vnc server, if enabled

    kvm_cmd.extend(["-name", instance.name])

    kvm_cmd.extend(["-m", instance.beparams[constants.BE_MAXMEM]])

    smp_list = ["%s" % instance.beparams[constants.BE_VCPUS]]

    if hvp[constants.HV_CPU_CORES]:

      smp_list.append("cores=%s" % hvp[constants.HV_CPU_CORES])

    if hvp[constants.HV_CPU_THREADS]:

      smp_list.append("threads=%s" % hvp[constants.HV_CPU_THREADS])

    if hvp[constants.HV_CPU_SOCKETS]:

      smp_list.append("sockets=%s" % hvp[constants.HV_CPU_SOCKETS])

    kvm_cmd.extend(["-smp", ",".join(smp_list)])

    kvm_cmd.extend(["-pidfile", pidfile])

    pci_reservations = bitarray(self._DEFAULT_PCI_RESERVATIONS)

    # As requested by music lovers

    if hvp[constants.HV_SOUNDHW]:

      soundhw = hvp[constants.HV_SOUNDHW]

      # For some reason only few sound devices require a PCI slot

      # while the Audio controller *must* be in slot 3.

      # That's why we bridge this option early in command line