SR-IOV Migration: Move attach SRIOV devices to virt-handler

[ormergi]

What this PR does / why we need it:

Currently when SR-IOV VM is migrated we detach its SR-IOV network devices just before migration
starts and attach similar devices to VM on the target when migration is finished successfully.
Attaching the SR-IOV devices is one-shot operation and is performed one time only at post migration.

Due to the fact that it is a one-shot operation the VM might end up in incomplete state (missing SR-IOV devices)
when a SR-IOV device is disconnected manually or due to aborted migration.
Also the current implementation doesn't follow Kubernetes desire state design that is followed all over the project.

With this PR changes, virt-handler VMController is now aware of the SR-IOV network devices state and reconciles
them which means they will be attached to the VM when needed.
Since attaching SR-IOV host-device is an intrusive operation it will be rate-limited and stops after a while.

Also With this change, when a migration is aborted (due to failure or client request) the SR-IOV devices there were detached will be attached again to the source VM, and in case SR-IOV devices are disconnected from the guest they will be attached
again.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):

Special notes for your reviewer:

Release note:

SRIOV network interfaces are now hot-plugged when disconnected manually or due to aborted migrations.

[kubevirt-bot]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[ormergi]

/uncc @enp0s3 @vatsalparekh

[ormergi]

/test pull-kubevirt-e2e-kind-1.19-sriov pull-kubevirt-unit-test

[EdDev]

I reviewed the first commit and except the inline comments, it will be nice if you could extract the addition of the new command to a separate commit. The next commit will just user it.
(should help with the review focus)

[ormergi]

/test pull-kubevirt-unit-test pull-kubevirt-e2e-kind-1.19-sriov

[ormergi]

Rebased

/test pull-kubevirt-unit-test pull-kubevirt-e2e-kind-1.19-sriov

[AlonaKaplan]

Why don't you use - vendor/k8s.io/client-go/util/workqueue/rate_limiting_queue.go?
same as the controller.
workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "sriov")

The workqueue.DefaultControllerRateLimiter is ItemExponentialFailureRateLimiter.

[ormergi]

I reviewed its implementation and tried to change the code to use it, I came up to a point where it's basically a controller that requires another goroutine.
With more details, using the workqueue, in this case, includes dequeuing an element, performing the hotplug, and according to the result adding the element back to the queue with the rate-limiter.
Dequeue'ing an element is done with Get() which is a blocking func (until it ables to dequeue an element).

[AlonaKaplan]

I don't understand why this creator is needed. It creates identical instance to LimitedBackoffCreator.baseBackoff. What do I miss?

[ormergi]

As part of LimitedBackoff creation, maxStepTime (time.Now() + limit duration) is set relatively to the time it is created.
If we dont do this, by the time the RateLimitedExecutor will try to Exec(..) it may fail due to the limit time is already passed, if the first time its being called is after the limit time.

[EdDev]

In other words, there is a need to clone baseBackoff each time, but at the same time to stamp it with the time of its instantiation.

[AlonaKaplan]

Why this should be called before we start?

[ormergi]

The tests-clock (fake clock) Now() will return the exact same timestamp as backoff.stepEnd timestamp since both getting the same fake clock.
Causing backoff.Ready to return false, which is expected, thus we need to bump the tests-clock a bit before starting.

[AlonaKaplan]

Please consider moving it under already existing pkg/util/ratelimiter.

[EdDev]

That one is a flowcontrol rate limiter, no idea what it is.. but it is for sure unrelated with an executor/cmd rate limiter.

[AlonaKaplan]

I"m not saying the flowcontrol should be used. Just having the new ratelimiter under the same package.

[ormergi]

I think ratelimitercmd and pkg/util/ratelimiter even tough resembles each other semantically, they are totally two different things.
But I do agree ratelimitercmd should be moved to pkg/util/,
what you think about moving there as is a side to the one that exists?

[AlonaKaplan]

Yes, that's what I meant.

EDIT:
Sorry, misunderstood you, that's not what I meant:)
I meant moving the content of ratelimitercmd to pkg/util/ratelimiter.
I find it weird to have ratelimiter and ratelimitercmd under pkg\util. You can create hierarchy under pkg/util/ratelimiter.

[EdDev]

I do not think anything should be under something called util, and there is nothing in common about ratelimiter as a super-package. Multiple objects may have a ratelimiter behavior, in this case it is a cmd/exec.

How about creating an executor package, which has a ratelimter behavior?
IMO it should have been the same with the other one that exists now, it is a "flowcontrol" thing that has a ratelimiter option and not the other way around.

[AlonaKaplan]

I think the ratelimiter can live by its own and it not only for the executor. The executor is just one usage of the ratelimiter. But I won't block the PR on it.
@ormergi what do you think?

[ormergi]

Thinking of this again, I do agree we should not put it under pkg/util (we had bad experience with util packages..),
the current ratelimiter package we have (the one that warping flowcontrol) should have different name this is what confusing.
If there were more usages for the rate-limiter part (basically backoff.go) of the executor
it would have been natural to put it under its own package pkg/ratelimiter for reuse.
But since there are not other consumers at the moment we can keep it all under one package executor.

If you prefer to have the rate-limiter part (backoff.go) on its own package for viability and encouraging others to use it
we can split the it to two packages pkg/ratelimiter and pkg/executor, and deal with pkg/util/ratelimiter later

pkg/
|_ executor/
|  |_ pool.go
|  |_ executor.go
|    ...
|_ ratelimiter/
   |_ backoff.go

@AlonaKaplan @EdDev WDYT?

[EdDev]

I think it is a property of an executor at the moment. I would only promote it to its own package if another user of it appears.

I think the ratelimiter can live by its own and it not only for the executor

Yes, but it is still a property of the executor and having its own package is just an option if we see it used by another functionality. I do not have one in mind at the moment.
And I also do not like util or have a name that this one can live nicely with the other one you mentioned.

[AlonaKaplan]

Shouldn't you delete the vm from the d.sriovHotplugExecutorPool in this case? All the sriov nics are plugged, the rate limiting backoff should be zeroed.

[ormergi]

Good catch!
Thanks for the heads up, done.

[AlonaKaplan]

Shouldn't you re-enqueue the vmi is such case? How do you make sure that the vmi reconcile will be invoked again?

Also, on our hangouts meeting @EdDev mentioned the d.hotplugSriovInterfaces is async. In such case even if an error is not returned, the operation may fail. How do we make sure the vmi reconcile in called again?

[ormergi]

In general, currently when not all SR-IOV interfaces are plugged we dont change the VM phase to failing, we do best effort to do the hotplug w/o disrupting the VM update flow similar to how it was before this PR changes.
Having that being said, it may change in the future.

virt-launcher domain-notifier sends (Modified) event periodically that triggers virt-handler to perform VMI sync that eventually calles hotplugSriovInterfaces that does the hotplug.

On SR-IOV VM's logs there are periodic "Synced VMI" log messages every 1 minute or so.
And on virt-handler I added some debug messages to indicate a VM update and SR-IOV hotplug, both are seen periodically.
I will add references to the code soon

[AlonaKaplan]

So you're saying the re-enqueqe we do in the controller is redundant?
The reconcile for the vmi is periodically invoked anyway?

EDIT: or what you're saying is that in the sriov hotplug case the re-enqueue is not needed since the vm is running and for running vm we have periodic reconcile?

[ormergi]

EDIT: or what you're saying is that in the sriov hotplug case the re-enqueue is not needed since the vm is running and for running vm we have periodic reconcile?

Yes.
Regarding the periodic VMI sync here are the references to what I described earlier:
The domains informer on virt-handler, triggers a VMI sync every 5 minutes [1] [2] [3] [4]
Other than that, virt-launcher domain-notifier client triggers a VMI sync (by sending domain modified event) every two minutes when QEMU guest-agent presents [5] [6] [7] [8] [9] [10]

[AlonaKaplan]

/approve

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: AlonaKaplan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [AlonaKaplan]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ormergi]

Following offline discussion about how this PR changes affect SR-IOV hotplug on old virt-launcher pods and backward comparability in general.
I did some testing on my local env that emulating different stages of Kubevirt during an upgrade in order to verify that SR-IOV hotplug is performed as expected.
link to the my test branch

There are two interesting scenarios:

1. When a VM is migrated to a node that runs old version of virt-handler (w/o this PR changes), and new virt-launcher migration target pod (includes this PR changes)
   For example: when Kubevirt was upgraded but there is a node still running old virt-handler and there is SR-IOV VM migration to that node.
   virt-handler sends FinalizeVirtualMachineMigration command as part of post migration on target flow.
   But new virt-launcher doesn't attach host-devices as part of FinalizeVirtualMachineMigration any longer.
   Thus SR-IOV interfaces are not plugged to the guest at the end of the migration.
   Once virt-handler is upgraded it will send HotplugHostDevices as part of the reconcile loop that will trigger
   virt-launcher to attach the host-devices.

This is transient state as we expect all virt-handler pods to eventually upgrade as part of Kubevirt upgrade.

2. When a VM is migrated to a node that runs new virt-handler and virt-launcher migration target pod is old (w/o this PR changes).
   For example: when Kubevirt is upgrading and virt-handler pods just finished its upgrade.
   virt-handler sends FinalizeVirtualMachineMigration command as part of post migration on target flow.
   old virt-launcher attach host-devices as part of FinalizeVirtualMachineMigration, but fails due to QEMU process lack of resources:

{"component":"virt-launcher","level":"error","msg":"cannot limit locked memory of process 117 to 1586495488: Operation not permitted","pos":"virProcessSetMaxMemLock:962","subcomponent":"libvirt","thread":"51","timestamp":"2022-01-18T15:46:56.085000Z"}
{"component":"virt-launcher","level":"error","msg":""msg":"failed to hot-plug host-devices","name":"testvmi-bcxxb","namespace":"kubevirt-test-default1","pos":"live-migration-target.go:42",
"reason":"failed to attach host-device \u003chostdev type=\"pci\" managed=\"no\"\u003e\u003csource\u003e\u003caddress type=\"pci\" domain=\"0x0000\" bus=\"0x04\" slot=\"0x07\" function=\"0x0\"\u003e\u003c/address\u003e\u003c/source\u003e\u003calias name=\"ua-sriov-sriov\"\u003e\u003c/alias\u003e\u003c/hostdev\u003e, 
err: virError(Code=38, Domain=0, Message='cannot limit locked memory of process 117 to 65536: Operation not permitted')\n","timestamp":"2022-01-18T15:46:56.091744Z","uid":"da2b6fb3-faef-4546-adcc-f44c76e1e2ba"}

Next, when the migration is completed and virt-handler now switched to the regular "vmUpdate" flow, it will send HotplugHostDevices command as part of the reconciliation loop, but old virt-launcher does not support it and return the following error:

"failed to hot-plug SR-IOV interfaces: unknown error encountered sending command HotplugHostDevices: rpc error: code = Unimplemented desc = unknown method HotplugHostDevices for service"

To solve this and support old virt-launcher pods it is necessary that make virt-handler keep adjusting QEMU process memloc limits (which is pre-requirement for attaching SRI-IOV host-device) as part of post migration on target node.

I have pushed new changes to fix it.

[ormergi]

I accidentally pushed wrong change along with the one that was needed [1], I have pushed new change to remove just that [2].

[ormergi]

/hold

Placing hold until we have more eyes on it

[EdDev]

Thank you, the result looks really good!

[EdDev]

@AlonaKaplan , this change was added (after your approve) to support the (edge) scenario where a new virt-handler handles the migration target of an old virt-launcher.

It was explained in detail here.

I think we are good to go.

[EdDev]

/unhold

We seem to be good, lets have this in.

[kubevirt-commenter-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs.
Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

[kubevirt-bot]

@ormergi: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-kubevirt-e2e-k8s-1.20-sig-network	fcef8f3	link	true	/test pull-kubevirt-e2e-k8s-1.20-sig-network

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[kubevirt-commenter-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs.
Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

[phoracek]

/cherry-pick release-0.49

[kubevirt-bot]

@phoracek: new pull request created: #8560

In response to this:

/cherry-pick release-0.49

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.