Nova can lose track of running VM if live migration raises an exception

There is actually a callback that the libvirt driver _live_migrate method invokes upon seeing an exception from libvirt. It ends up calling the nova.compute.manager._rollback_live_migration method. This method blindly assumes the VM will be running on the source, so attempts to re-setup networks & volumes and destroy storage on the target. So we're doubly doomed, because it is tearing down stuff that the VM is using on the target.

Related fix proposed to branch: master
Review: https://review.openstack.org/151663

Fix proposed to branch: master
Review: https://review.openstack.org/151664

Reviewed: https://review.openstack.org/151663
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=584a44f0157e84ce0100da6ee4f7b94bbb4088e3
Submitter: Jenkins
Branch: master

commit 584a44f0157e84ce0100da6ee4f7b94bbb4088e3
Author: Daniel P. Berrange <email address hidden>
Date: Wed Jan 28 17:46:55 2015 +0000

    libvirt: remove pointless loop after live migration finishes

    The libvirt 'migrateToURI' API(s) all block the caller until the
    live migration operation has completed. As such, the timer call
    used to check if live migration has completed is entirely pointless.
    It appears this is code left over from the very first impl of live
    migration in Nova, when Nova would simply shell out to the 'virsh'
    command instead of using the libvirt APIs. Even back then though
    it looks like it was redundant, since the command being spawned
    would also block until live migration was finished.

    Related-bug: #1414065
    Change-Id: Ib3906ef8564a986f7c0e980774e4ed76b3f93a38

Reviewed: https://review.openstack.org/151664
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=7dd6a4a19311136c02d89cd2afd97236b0f4cc27
Submitter: Jenkins
Branch: master

commit 7dd6a4a19311136c02d89cd2afd97236b0f4cc27
Author: Daniel P. Berrange <email address hidden>
Date: Thu Jan 29 14:33:32 2015 +0000

    libvirt: proper monitoring of live migration progress

    The current live migration code simply invokes migrateToURI
    and waits for it to finish, or raise an exception. It considers
    all exceptions to mean the live migration aborted and the VM is
    still running on the source host. This is totally bogus, as there
    are a number of reasons why an error could be raised from the
    migrateToURI call. There are at least 5 different scenarios for
    what the VM might be doing on source + dest host upon error.
    The migration might even still be going on, even if after the
    error has occurred.

    A more reliable way to deal with this is to actively query
    libvirt for the domain job status. This gives an indication
    of whether the job is completed, failed or cancelled. Even
    with that though, there is a need for a few heuristics to
    distinguish some of the possible error scenarios.

    This change to do active monitoring of the live migration process
    also opens the door for being able to tune live migration on the
    fly to adjust max downtime or bandwidth to improve chances of
    getting convergence, or to automatically abort it after too much
    time has elapsed instead of letting it carry on until the end of
    the universe. This change merely records memory transfer progress
    and leaves tuning improvements to a later date.

    Closes-bug: #1414065
    Change-Id: I6fcbfa31a79c7808c861bb3a84b56bd096882004

Related fix proposed to branch: stable/juno
Review: https://review.openstack.org/162112

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/162113

Sahid, Daniel Berrange, without having had debug enabled, is there a way from "regular" logging for me to determine I'm running into this in Juno. All of the obvious symptoms are there:
Live Migration failed. Instances go to SHUTDOWN. (this when live-migrating to evac a node for maintenance.)

The only sure way to know that you hit this bug is if you see the same VM instance running on two hosts at the same time. It is possible you might see any exception in the Nova compute logs mention migrateToURI in the stack trace, but that's not a 100% reliable test.

Reviewed: https://review.openstack.org/162112
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=6833176b56ecbef9565bccb06a372acba8487691
Submitter: Jenkins
Branch: stable/juno

commit 6833176b56ecbef9565bccb06a372acba8487691
Author: Daniel P. Berrange <email address hidden>
Date: Wed Jan 28 17:46:55 2015 +0000

    libvirt: remove pointless loop after live migration finishes

    The libvirt 'migrateToURI' API(s) all block the caller until the
    live migration operation has completed. As such, the timer call
    used to check if live migration has completed is entirely pointless.
    It appears this is code left over from the very first impl of live
    migration in Nova, when Nova would simply shell out to the 'virsh'
    command instead of using the libvirt APIs. Even back then though
    it looks like it was redundant, since the command being spawned
    would also block until live migration was finished.

    Conflicts:
     nova/virt/libvirt/driver.py

    Related-bug: #1414065
    Change-Id: Ib3906ef8564a986f7c0e980774e4ed76b3f93a38
    (cherry-pick from commit 584a44f0157e84ce0100da6ee4f7b94bbb4088e3)

Change abandoned by sahid (<email address hidden>) on branch: stable/juno
Review: https://review.openstack.org/162113

so this shows that this is fixed in Juno 2014.2.4 but.... there's no info here documenting that. Is it true? The change was abandoned in August.

Med that's likely because there are two patch sets which are related to this fix. The first patch set was to remove a pointless loop after live migration finishes (that one was merged into stable/juno) and the second patch set titled 'proper monitoring of live migration process' (this was not included in stable/juno).