[SRU] simultaneous live migrations break the anti-affinity policy of server group
Affects                  | Status        | Importance | Assigned to | Milestone
-------------------------|---------------|------------|-------------|----------
OpenStack Compute (nova) | Fix Released  | Medium     | Boxiang Zhu |
  Train                  | Fix Committed | Undecided  | Unassigned  |
  Ussuri                 | Fix Released  | Undecided  | Unassigned  |
  Victoria               | Fix Released  | Undecided  | Unassigned  |
  Wallaby                | Fix Released  | Undecided  | Unassigned  |
Ubuntu Cloud Archive     | Fix Released  | Undecided  | Unassigned  |
  Stein                  | Fix Released  | Undecided  | Unassigned  |
  Train                  | Fix Released  | Undecided  | Unassigned  |
Bug Description
-------
NOTE: SRU template at the bottom
-------
Description
===========
If we live migrate two instances simultaneously, the instances can end up violating the instance group policy.
Steps to reproduce
==================
OpenStack env with three compute nodes (node1, node2 and node3). Then we create two VMs (vm1, vm2) with the anti-affinity policy.
Finally, we live migrate the two VMs simultaneously.
Before live-migration, the VMs are located as follows:
node1 -> vm1
node2 -> vm2
node3
* nova live-migration vm1
* nova live-migration vm2
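To hit the race, the two requests must run concurrently; one way to issue them at effectively the same time is to background both commands (a shell sketch):
nova live-migration vm1 & nova live-migration vm2 & wait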
Expected result
===============
Live migration of vm1 and vm2 fails instead of violating the anti-affinity policy.
Actual result
=============
node1
node2
node3 -> vm1,vm2
Environment
===========
master branch of openstack
As described above, each live migration does not take the other in-progress live migration into account; each request independently selects a host via the scheduler filters, so both VMs end up migrated to the same host.
-------
===============
SRU Description
===============
[Impact]
When performing multiple live migrations, cold migrations or resizes simultaneously, the affinity or anti-affinity policy can be violated, allowing a migrated VM to land on a host that conflicts with the policy.
[Test case]
1. Setting up the env
1a. Deploy env with 5 compute nodes
1b. Confirm that all nodes have the same CPU architecture (so live-migration works between them) either by running lscpu or "openstack hypervisor show <node>" on each of the nodes
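For example, the CPU info of every hypervisor can be listed in one pass (a sketch; column and field names may vary by client version):
for h in $(openstack hypervisor list -f value -c "Hypervisor Hostname"); do
    echo "== $h =="
    openstack hypervisor show "$h" -f value -c cpu_info
done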
1c. Create anti-affinity policy
openstack server group create anti-aff --policy anti-affinity
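Optionally verify the group and its policy:
openstack server group show anti-aff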
1d. Create flavor
openstack flavor create --vcpu 1 --ram 1024 --disk 0 --id 100 test-flavor
1e. Create volumes
openstack volume create --image cirros --size 1 vol1
openstack volume create --source vol1 --size 1 vol2 && openstack volume create --source vol1 --size 1 vol3
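Volume clones can take a moment; before booting, wait until all three volumes report "available" (a sketch):
watch "openstack volume list -c Name -c Status"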
2. Prepare to reproduce the bug
2a. Get group ID
GROUP_ID=
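For example, assuming the group name anti-aff from step 1c, the ID can be captured with:
GROUP_ID=$(openstack server group show anti-aff -f value -c id)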
2b. Create VMs
openstack server create --network private --volume vol1 --flavor 100 --hint group=$GROUP_ID ins1 && openstack server create --network private --volume vol2 --flavor 100 --hint group=$GROUP_ID ins2 && openstack server create --network private --volume vol3 --flavor 100 --hint group=$GROUP_ID ins3
2c. Confirm each one is on a different host by running "openstack server list --long" and take note of the hosts
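For example (the Host column requires admin credentials):
openstack server list --long -c Name -c Status -c Host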
3. Reproducing the bug (Live migration)
3a. Perform the set of steps in (2) if not already done.
3b. openstack server migrate ins1 --live-migration & openstack server migrate ins2 --live-migration & openstack server migrate ins3 --live-migration
3c. watch "openstack server list --long" until all migrations are finished
3d. Confirm that at least one VM ended up on the same host as another VM. Otherwise, repeat steps 3a - 3c.
4. Reproducing the bug (Cold Migration)
4a. Perform the set of steps in (2) if not already done
4b. openstack server migrate ins1 & openstack server migrate ins2 & openstack server migrate ins3
4c. watch "openstack server list --long" until all statuses are "VERIFY_RESIZE"
4d. Confirm that at least one VM ended up on the same host as another VM. Otherwise, repeat steps 4a - 4c.
4e. Confirm all the resizes by running "openstack server resize confirm <vm>"
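For example, all three can be confirmed in one pass (a sketch; older clients use "openstack server resize --confirm <vm>" instead):
for vm in ins1 ins2 ins3; do openstack server resize confirm "$vm"; done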
5a. Install the package that contains the fixed code on all compute nodes
5b. Clean up all the VMs
6. Confirm fix (Live migration)
6a. Perform steps 3a - 3c
6b. Confirm there are no VMs on the same host nor VMs with ERROR status.
6c. Confirm there are VMs that have ACTIVE status and did not move hosts. Otherwise, repeat step 6a.
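The current host of a VM can also be checked directly, for example (requires admin credentials):
openstack server show ins1 -f value -c OS-EXT-SRV-ATTR:host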
6d. Run "openstack server event list <vm-id>", then "openstack server event show <vm-id> <req-id>" for the live-migration event of the VMs assessed in step 6c. Confirm the "message" field is "error" and the traceback is part of the "compute_
6e. Check the logs for messages related to the VMs assessed in step (6c), where:
- For compute_
- For compute_
7. Confirm fix (Cold migration)
7a. Perform steps 4a - 4c, while taking note of the timestamp (by running $(date)) before running the migration command
7b. Confirm there are no VMs on the same host nor VMs with ERROR status. There should be VMs with "VERIFY_RESIZE" and "ACTIVE" statuses. If there are no ACTIVE instances, confirm the resizes and repeat step 7a.
7c. For the VMs that remained ACTIVE, check the logs for error messages. There should be a log message with an error about "anti-affinity":
egrep -rnIi "3e926491-
/var/log/
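Since the UUID and log path above are environment-specific, a generic form of the search (assuming nova's default log location) would be:
grep -in "anti-affinity" /var/log/nova/nova-compute.log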
7d. Confirm that the log timestamp matches a few seconds after the migration command was issued.
7e. Run "openstack server event list <vm-id>", then "openstack server event show <vm-id> <req-id>" for the migration event. Confirm the "message" field is "error" and the "events" field includes a "No Valid Host" final message, with the "compute_
[Regression Potential]
Part of the new code path has been tested in upstream CI on happy migration paths. Concurrency has not been exercised in CI, so the error is not triggered there in a negative test. The exception handling code is executed only when the exception is raised (i.e., on a policy violation), so this code path is being tested manually as part of the upstream patch work and this SRU.
[Other Info]
None
Related branches
- Chris MacNaughton: Pending requested
  Diff: 480 lines (+458/-0), 3 files modified:
    debian/changelog (+7/-0)
    debian/patches/lp1821755.patch (+450/-0)
    debian/patches/series (+1/-0)
- Chris MacNaughton: Pending requested
  Diff: 478 lines (+454/-1), 3 files modified:
    debian/changelog (+10/-1)
    debian/patches/lp1821755.patch (+443/-0)
    debian/patches/series (+1/-0)
This is a long-standing known issue I believe, same for server build and evacuate (evacuate was fixed later in Rocky I think). There is a late affinity check in the compute service to check for the race in the scheduler and then reschedule for server create to another host, or fail in the case of evacuate. There is no such late affinity check for other move operations like live migration, cold migration (resize) or unshelve.
I believe StarlingX's nova fork has some server group checks in the live migration task though, so maybe those fixes could be 'upstreamed' to nova:
https://github.com/starlingx-staging/stx-nova/blob/3155137b8a0f00cfdc534e428037e1a06e98b871/nova/conductor/tasks/live_migrate.py#L88
Looking at that StarlingX code, they basically check to see if the server being live migrated is in an anti-affinity group and if so they restrict scheduling via external lock to one live migration at a time, which might be OK in a small edge node with 1-2 compute nodes but would be pretty severe in a large public cloud with lots of concurrent live migrations. Granted it's only the scheduling portion of the live migration task, not the actual live migration of the guest itself once a target host is selected. I'm also not sure if that external lock would be sufficient if you have multiple nova-conductors running on different hosts unless you were using a distributed lock manager like etcd, which nova upstream does not use (I'm not sure if oslo.concurrency can be configured for etcd under the covers or not).
Long-term this should all be resolved with placement when we can model affinity and anti-affinity in the placement service.