CA-86573: When HA is enabled on a pool, forbid the deletion of a bond…

… if it is the mgmt interface Signed-off-by: Vincent Bernardoff <vincent.bernardoff@ocamlpro.com>
johnelse · Jul 25, 2012 · 9b06719 · 9b06719
1 parent 1e7055c
commit 9b06719
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 4 deletions.
diff --git a/ocaml/idl/api_errors.ml b/ocaml/idl/api_errors.ml
@@ -357,7 +357,7 @@ let ha_host_cannot_access_statefile = "HA_HOST_CANNOT_ACCESS_STATEFILE"
 
 let ha_failed_to_form_liveset = "HA_FAILED_TO_FORM_LIVESET"
 
-let ha_cannot_bond_management_iface = "HA_CANNOT_BOND_MANAGEMENT_IFACE"
+let ha_cannot_change_bond_status_of_mgmt_iface = "HA_CANNOT_CHANGE_BOND_STATUS_OF_MGMT_IFACE"
 
 (* CA-16480: prevent configuration errors which nullify xHA goodness *)
 let ha_constraint_violation_sr_not_shared = "HA_CONSTRAINT_VIOLATION_SR_NOT_SHARED"

diff --git a/ocaml/idl/datamodel.ml b/ocaml/idl/datamodel.ml
@@ -1032,8 +1032,8 @@ let _ =
     ~doc:"This operation cannot be performed because it would invalidate VM failover planning such that the system would be unable to guarantee to restart protected VMs after a Host failure."
     ();
 
-	error Api_errors.ha_cannot_bond_management_iface [ ]
-		~doc:"This operation cannot be performed because creating a bond with the management interface is not allowed while HA is on. In order to do that, disable HA, create the bond then re-enable HA."
+	error Api_errors.ha_cannot_change_bond_status_of_mgmt_iface [ ]
+		~doc:"This operation cannot be performed because creating or deleting a bond involving the management interface is not allowed while HA is on. In order to do that, disable HA, create or delete the bond then re-enable HA."
 		();
 
   error Api_errors.cannot_evacuate_host ["errors"]

diff --git a/ocaml/xapi/xapi_bond.ml b/ocaml/xapi/xapi_bond.ml
@@ -306,7 +306,7 @@ let create ~__context ~network ~members ~mAC ~mode ~properties =
 			then raise (Api_errors.Server_error (Api_errors.is_tunnel_access_pif, [Ref.string_of self]));
 			let pool = List.hd (Db.Pool.get_all ~__context) in
 			if Db.Pool.get_ha_enabled ~__context ~self:pool && Db.PIF.get_management ~__context ~self
-			then raise (Api_errors.Server_error(Api_errors.ha_cannot_bond_management_iface, []));
+			then raise (Api_errors.Server_error(Api_errors.ha_cannot_change_bond_status_of_mgmt_iface, []));
 		) members;
 		let hosts = List.map (fun self -> Db.PIF.get_host ~__context ~self) members in
 		if List.length (List.setify hosts) <> 1
@@ -424,6 +424,11 @@ let destroy ~__context ~self =
 		let local_vlans = Db.PIF.get_VLAN_slave_of ~__context ~self:master in
 		let local_tunnels = Db.PIF.get_tunnel_transport_PIF_of ~__context ~self:master in
 
+		(* CA-86573: forbid the deletion of a bond involving the mgmt interface if HA is on *)
+		let pool = List.hd (Db.Pool.get_all ~__context) in
+		if Db.Pool.get_ha_enabled ~__context ~self:pool && Db.PIF.get_management ~__context ~self:master
+		then raise (Api_errors.Server_error(Api_errors.ha_cannot_change_bond_status_of_mgmt_iface, []));
+
 		(* Copy IP configuration from master to primary member *)
 		copy_configuration ~__context master primary_slave;