design-proposal: Generating disk serial numbers #305
Conversation
kubevirt-bot
added
the
dco-signoff: no
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
akrejcir
force-pushed
the
disk-serial-proposal
branch
from
2ac6a4a to
0522553
Compare
kubevirt-bot
added
dco-signoff: yes
|
@aglitke , can someone from the storage team take a look, if this approach is good? |
akrejcir
force-pushed
the
disk-serial-proposal
branch
from
0522553 to
9aaec11
Compare
| ## Motivation | ||
| Some applications running in the VM require the disk serial number to be defined and persistent across reboots. | ||
| Generating the serial reduces manual configuration, and in the future it can be part of a `VirtualMachinePreference` for the OS. | ||
|
|
There was a problem hiding this comment.
Is there a reference (doc or implemention) how this is addressed in other virtualization management system, especially oVirt and OpenStack?
There was a problem hiding this comment.
I will check oVirt code.
@lyarwood , do you know how this is done in OpenStack? Or can you point me to docs or source, where I could find it?
There was a problem hiding this comment.
@akrejcir we talked about introducing persistent serials for the longest time but could never implement it due to a mountain of tech debt we had in the codebase. The following design was as far as we got:
https://specs.openstack.org/openstack/nova-specs/specs/stein/approved/local-disk-serial-numbers.html
There was a problem hiding this comment.
Thanks!
oVirt uses the disk GUID as a serial number. It would be similar if we used the UID of a PVC.
|
|
||
| One possibility is to store it in an annotation on the PVC object. | ||
| The annotation would be created when the VMI is created. | ||
| Then it will be read by `virt-handler` when creating libvirt domain XML. |
There was a problem hiding this comment.
Why don't we just persist all serial numbers in the Status of the VirtualMachine?
There was a problem hiding this comment.
I think the status may be emptied by a GitOps controller, when it creates a new version of the VM. I will check.
I will add this possibility to the document for discussion.
There was a problem hiding this comment.
We should be ignoring any updates of Status outside of the /Status subresource IIRC so I don't think a GitOps workflow would overwrite it here. That's why we are looking to move instance type metadata out of the Spec etc.
The PUT and POST verbs on objects MUST ignore the status values, to avoid accidentally overwriting the status in read-modify-write scenarios. A /status subresource MUST be provided to enable system components to update statuses of resources they manage.
There was a problem hiding this comment.
Thanks. It could work. I will add it to the design document.
There was a problem hiding this comment.
Same question as for instancetypes. What if the status needs to be recreated? Where is the ID derived from? Can we recreate the same ID if the status needs to be recreated from scratch?
There was a problem hiding this comment.
That is the main issue with this approach.
If we could deterministically generate the serial number, then we don't need to store it in .status.
In this case, the serial number is randomly generated, so it needs to be stored somewhere. If .status is recreated, then a new number is generated.
|
|
||
| - Do we want the serials to be generated by default on all VMs, | ||
| or do we want a configuration option to enable it? | ||
| - Where is a good place for the `generateDiskSerials` field? |
There was a problem hiding this comment.
spec.template.spec.domain.devices.generateDiskSerials of the VirtualMachine IMHO
| ## Motivation | ||
| Some applications running in the VM require the disk serial number to be defined and persistent across reboots. | ||
| Generating the serial reduces manual configuration, and in the future it can be part of a `VirtualMachinePreference` for the OS. | ||
|
|
There was a problem hiding this comment.
@akrejcir we talked about introducing persistent serials for the longest time but could never implement it due to a mountain of tech debt we had in the codebase. The following design was as far as we got:
https://specs.openstack.org/openstack/nova-specs/specs/stein/approved/local-disk-serial-numbers.html
akrejcir
force-pushed
the
disk-serial-proposal
branch
from
9aaec11 to
735359c
Compare
This design introduces automatic generation of serial numbers for disks. Signed-off-by: Andrej Krejcir <[email protected]>
akrejcir
force-pushed
the
disk-serial-proposal
branch
from
735359c to
d0d0377
Compare
|
|
||
| # Design | ||
|
|
||
| A new boolean option `generateDiskSerials` will be added to the VMI `.spec`. |
There was a problem hiding this comment.
Do we really need an option for it? What's the default right now? Is it 123456789, which means nobody cares about it anyway? Can't we just enable it if the ID was not set manually?
There was a problem hiding this comment.
The default right now is no serial number. The <serial> tag in the libvirt domain XML is not specified.
We could enable it by default for all disks. That is one of the open questions in this design.
I'm unsure if it may confuse guests on existing VMs, if the disk will have a serial that it didn't have before.
|
|
||
| One possibility is to store it in an annotation on the PVC object. | ||
| The annotation would be created when the VMI is created. | ||
| Then it will be read by `virt-handler` when creating libvirt domain XML. |
There was a problem hiding this comment.
Same question as for instancetypes. What if the status needs to be recreated? Where is the ID derived from? Can we recreate the same ID if the status needs to be recreated from scratch?
|
|
||
|
|
||
| ### Storing it in the `status` of the VM | ||
| Serial numbers will be stored in the `.status` of the VM. |
There was a problem hiding this comment.
How to restore / transfer a VM with the serial number? IIUC you are not allowed to write to the status of a K8S object.
There was a problem hiding this comment.
I've checked the code, and the .status of a VM is not stored into the snapshot.
There was a problem hiding this comment.
I think @0xFelix 's point was that we then need a way of persisting the serial in the core spec of a VirtualMachine during a snapshot so that we can then restore the status (and the state of the VM) later.
| - It may be an unexpected place to store persistent information that cannot be regenerated if `.status` is wiped. | ||
|
|
||
|
|
||
| ### Deterministic generation |
There was a problem hiding this comment.
I like this approach the most. Basically a stateless approach without configurables.
There was a problem hiding this comment.
It would be the best choice, if it can be compatible with storage migration.
| Then the rest of the document describes details of option: **Annotation on the PVC object**. | ||
|
|
||
| ### Annotation on the PVC object | ||
| The serial number will be stored as an annotation on the PVC object. It would be created when the VMI is created. |
There was a problem hiding this comment.
This will require some component to have PVC write permissions.
| so it has to be stored somewhere, or generated deterministically. | ||
|
|
||
| This section lists several options how to store serial numbers. | ||
| Then the rest of the document describes details of option: **Annotation on the PVC object**. |
There was a problem hiding this comment.
Generally speaking the ID can be scoped in two ways:
- VM/I Internal - serial is only defined/kept within the VM/I bject
- VM/I external - serial is sourced from an external object - this is the case with the PVC annotation approach
If it's internal, then usually the requirements of a persistent serial number are met, however, it could lead to trouble if a volume is changed on a VMI, or if a volume is used on multiple VMIs.
If it is external, then we also meet the requirement of a persistent serial number, the same volume will get the same serial whenever attached to a VM that's good for vols attached to multi VMs, however, we need to think about cloning, and restore, and what it means for disk serial numbers. Something also requires permissionsto write the PVC.
Just to name a few things.
| - Serial is clearly visible to anyone who can read PVC. | ||
|
|
||
| #### Disadvantages: | ||
| - Does not store serials for other volume types except PVC. |
There was a problem hiding this comment.
Requires additional permissions to write PVCs
| - We don't need to store anything. | ||
|
|
||
| #### Disadvantages: | ||
| - If the storage is migrated to a PVC with different metadata, it would change the serial number. |
There was a problem hiding this comment.
Storage class migration requires one to create new PVCs as the target of the migration. So there will be new PVCs. PVCs themselves are mostly immutable, in particular the name is immutable.
| metadata: | ||
| name: example-pvc | ||
| annotations: | ||
| kubevirt.io/disk-serial: 123456789 # <-- new annotation |
There was a problem hiding this comment.
please use vm.kubevirt.io/disk-serial
cc @EdDev @alaypatel07 can we have api conventions? Possibly worth to standardize how we prefix annotations accross kubevirt.
|
|
||
| ## Update/Rollback Compatibility | ||
| The feature is backward compatible. Existing VMs remain unaffected unless the new field is set. | ||
| Rollback ignores the new field. |
There was a problem hiding this comment.
We should check todays state:
If a serial is not specified, between VM start, stop, start, does the serial of the disk inside the VM change?
If it is the same serial, then we might need a migraiton plan.
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with /lifecycle stale |
kubevirt-bot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
kubevirt-bot
removed
the
lifecycle/stale
|
/sig compute |
What this PR does / why we need it:
This design introduces automatic generation of serial numbers for disks.
Issue:
https://issues.redhat.com/browse/CNV-39082
Checklist
This checklist is not enforcing, but it's a reminder of items that could be relevant to every PR.
Approvers are expected to review this list.
Release note: