Merge pull request #544 from rgooch/master

Add optional destroy protection for running VMs.
Symantec · Dec 26, 2018 · 276a623 · 276a623
2 parents 54608bd + d162473
commit 276a623
Show file tree

Hide file tree

Showing 8 changed files with 105 additions and 0 deletions.
diff --git a/cmd/vm-control/changeVmDestroyProtection.go b/cmd/vm-control/changeVmDestroyProtection.go
@@ -0,0 +1,50 @@
+package main
+
+import (
+	"fmt"
+	"net"
+	"os"
+
+	"github.com/Symantec/Dominator/lib/errors"
+	"github.com/Symantec/Dominator/lib/log"
+	proto "github.com/Symantec/Dominator/proto/hypervisor"
+)
+
+func changeVmDestroyProtectionSubcommand(args []string,
+	logger log.DebugLogger) {
+	if err := changeVmDestroyProtection(args[0], logger); err != nil {
+		fmt.Fprintf(os.Stderr, "Error changing VM destroy protection: %s\n",
+			err)
+		os.Exit(1)
+	}
+	os.Exit(0)
+}
+
+func changeVmDestroyProtection(vmHostname string,
+	logger log.DebugLogger) error {
+	if vmIP, hypervisor, err := lookupVmAndHypervisor(vmHostname); err != nil {
+		return err
+	} else {
+		return changeVmDestroyProtectionOnHypervisor(hypervisor, vmIP, logger)
+	}
+}
+
+func changeVmDestroyProtectionOnHypervisor(hypervisor string, ipAddr net.IP,
+	logger log.DebugLogger) error {
+	request := proto.ChangeVmDestroyProtectionRequest{
+		DestroyProtection: *destroyProtection,
+		IpAddress:         ipAddr,
+	}
+	client, err := dialHypervisor(hypervisor)
+	if err != nil {
+		return err
+	}
+	defer client.Close()
+	var reply proto.ChangeVmOwnerUsersResponse
+	err = client.RequestReply("Hypervisor.ChangeVmDestroyProtection",
+		request, &reply)
+	if err != nil {
+		return err
+	}
+	return errors.New(reply.Error)
+}
diff --git a/cmd/vm-control/createVm.go b/cmd/vm-control/createVm.go
@@ -96,6 +96,7 @@ func createVmOnHypervisor(hypervisor string, logger log.DebugLogger) error {
 	request := hyper_proto.CreateVmRequest{
 		DhcpTimeout: *dhcpTimeout,
 		VmInfo: hyper_proto.VmInfo{
+			DestroyProtection:  *destroyProtection,
 			Hostname:           *vmHostname,
 			MemoryInMiB:        uint64(memory >> 20),
 			MilliCPUs:          *milliCPUs,

diff --git a/cmd/vm-control/main.go b/cmd/vm-control/main.go
@@ -18,6 +18,8 @@ import (
 var (
 	adjacentVM = flag.String("adjacentVM", "",
 		"IP address of VM adjacent (same Hypervisor) to VM being created")
+	destroyProtection = flag.Bool("destroyProtection", false,
+		"If true, do not destroy running VM")
 	dhcpTimeout = flag.Duration("dhcpTimeout", time.Minute,
 		"Time to wait before timing out on DHCP request from VM")
 	fleetManagerHostname = flag.String("fleetManagerHostname", "",
@@ -93,6 +95,7 @@ func printUsage() {
 	flag.PrintDefaults()
 	fmt.Fprintln(os.Stderr, "Commands:")
 	fmt.Fprintln(os.Stderr, "  become-primary-vm-owner IPaddr")
+	fmt.Fprintln(os.Stderr, "  change-vm-destroy-protection IPaddr")
 	fmt.Fprintln(os.Stderr, "  change-vm-owner-users IPaddr")
 	fmt.Fprintln(os.Stderr, "  change-vm-tags IPaddr")
 	fmt.Fprintln(os.Stderr, "  create-vm")
@@ -135,6 +138,7 @@ type subcommand struct {
 
 var subcommands = []subcommand{
 	{"become-primary-vm-owner", 1, 1, becomePrimaryVmOwnerSubcommand},
+	{"change-vm-destroy-protection", 1, 1, changeVmDestroyProtectionSubcommand},
 	{"change-vm-owner-users", 1, 1, changeVmOwnerUsersSubcommand},
 	{"change-vm-tags", 1, 1, changeVmTagsSubcommand},
 	{"create-vm", 0, 0, createVmSubcommand},

diff --git a/hypervisor/manager/api.go b/hypervisor/manager/api.go
@@ -102,6 +102,11 @@ func (m *Manager) ChangeOwners(ownerGroups, ownerUsers []string) error {
 	return m.changeOwners(ownerGroups, ownerUsers)
 }
 
+func (m *Manager) ChangeVmDestroyProtection(ipAddr net.IP,
+	authInfo *srpc.AuthInformation, destroyProtection bool) error {
+	return m.changeVmDestroyProtection(ipAddr, authInfo, destroyProtection)
+}
+
 func (m *Manager) ChangeVmOwnerUsers(ipAddr net.IP,
 	authInfo *srpc.AuthInformation, extraUsers []string) error {
 	return m.changeVmOwnerUsers(ipAddr, authInfo, extraUsers)

diff --git a/hypervisor/manager/vm.go b/hypervisor/manager/vm.go
@@ -226,6 +226,7 @@ func (m *Manager) allocateVm(req proto.CreateVmRequest,
 	vm := &vmInfoType{
 		VmInfo: proto.VmInfo{
 			Address:            address,
+			DestroyProtection:  req.DestroyProtection,
 			Hostname:           req.Hostname,
 			ImageName:          req.ImageName,
 			ImageURL:           req.ImageURL,
@@ -276,6 +277,18 @@ func (m *Manager) becomePrimaryVmOwner(ipAddr net.IP,
 	return nil
 }
 
+func (m *Manager) changeVmDestroyProtection(ipAddr net.IP,
+	authInfo *srpc.AuthInformation, destroyProtection bool) error {
+	vm, err := m.getVmLockAndAuth(ipAddr, true, authInfo, nil)
+	if err != nil {
+		return err
+	}
+	defer vm.mutex.Unlock()
+	vm.DestroyProtection = destroyProtection
+	vm.writeAndSendInfo()
+	return nil
+}
+
 func (m *Manager) changeVmOwnerUsers(ipAddr net.IP,
 	authInfo *srpc.AuthInformation, extraUsers []string) error {
 	vm, err := m.getVmLockAndAuth(ipAddr, true, authInfo, nil)
@@ -557,6 +570,9 @@ func (m *Manager) destroyVm(ipAddr net.IP, authInfo *srpc.AuthInformation,
 	case proto.StateStarting:
 		return errors.New("VM is starting")
 	case proto.StateRunning:
+		if vm.DestroyProtection {
+			return errors.New("cannot destroy running VM when protected")
+		}
 		vm.setState(proto.StateDestroying)
 		vm.commandChannel <- "quit"
 	case proto.StateStopping:

diff --git a/hypervisor/rpcd/api.go b/hypervisor/rpcd/api.go
@@ -52,6 +52,7 @@ func Setup(manager *manager.Manager, dhcpServer DhcpServer,
 		PublicMethods: []string{
 			"AcknowledgeVm",
 			"BecomePrimaryVmOwner",
+			"ChangeVmDestroyProtection",
 			"ChangeVmOwnerUsers",
 			"ChangeVmTags",
 			"CommitImportedVm",

diff --git a/hypervisor/rpcd/changeVmDestroyProtection.go b/hypervisor/rpcd/changeVmDestroyProtection.go
@@ -0,0 +1,18 @@
+package rpcd
+
+import (
+	"github.com/Symantec/Dominator/lib/errors"
+	"github.com/Symantec/Dominator/lib/srpc"
+	"github.com/Symantec/Dominator/proto/hypervisor"
+)
+
+func (t *srpcType) ChangeVmDestroyProtection(conn *srpc.Conn,
+	request hypervisor.ChangeVmDestroyProtectionRequest,
+	reply *hypervisor.ChangeVmDestroyProtectionResponse) error {
+	*reply = hypervisor.ChangeVmDestroyProtectionResponse{
+		errors.ErrorToString(
+			t.manager.ChangeVmDestroyProtection(request.IpAddress,
+				conn.GetAuthInformation(),
+				request.DestroyProtection))}
+	return nil
+}
diff --git a/proto/hypervisor/messages.go b/proto/hypervisor/messages.go
@@ -60,6 +60,15 @@ type ChangeOwnersResponse struct {
 	Error string
 }
 
+type ChangeVmDestroyProtectionRequest struct {
+	DestroyProtection bool
+	IpAddress         net.IP
+}
+
+type ChangeVmDestroyProtectionResponse struct {
+	Error string
+}
+
 type ChangeVmOwnerUsersRequest struct {
 	IpAddress  net.IP
 	OwnerUsers []string
@@ -413,6 +422,7 @@ type UpdateSubnetsResponse struct {
 
 type VmInfo struct {
 	Address            Address
+	DestroyProtection  bool   `json:",omitempty"`
 	Hostname           string `json:",omitempty"`
 	ImageName          string `json:",omitempty"`
 	ImageURL           string `json:",omitempty"`