[LXD] Cluster member evacuation

If evacuate is used, then return, admit or restore seem easy to work with and describe what is being done.

Another idea is to drop the evacuation term and use maintenance instead, so:
lxc cluster maintenance start
lxc cluster maintenance end

Just throwing out some ideas.

We also need a new column evacuated (bool) in the nodes table.

I think we need to add a state column and get rid of the current pending column.

OK. Possible states would then be pending, evacuated and operational?

We’d probably line things up with network and storage, so:

  • pending
  • created
  • evacuated

But as integers in the DB with consts in lxd/db/
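For illustration, that could look something like the sketch below; the constant names and values are assumptions, not what actually landed in lxd/db:

```go
package db

// Illustrative sketch only: cluster member states stored as integers in the
// nodes table, replacing the current pending column. The names and values are
// assumptions, not the actual constants in lxd/db.
const (
	clusterMemberStatePending   = 0
	clusterMemberStateCreated   = 1
	clusterMemberStateEvacuated = 2
)
```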


> But as integers in the DB with consts in lxd/db/

Yeah, we can simply rename the pending column as that’s an integer.

The API will be an operation (async) and should include state updates (UpdateMetadata) to indicate which instance is being evacuated (Stopping instance XYZ in project XYZ, Migrating instance XYZ in project XYZ to XYZ, Starting instance XYZ in project XYZ).

This will then show up in the CLI when you run lxc cluster evacuate.
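As a rough illustration of that flow, here is a minimal, self-contained sketch; the operation type and UpdateMetadata helper are hypothetical stand-ins for LXD's real operations machinery:

```go
package main

import "fmt"

// operation stands in for an LXD async operation handle; the type and the
// UpdateMetadata helper below are hypothetical, not LXD's real API.
type operation struct{}

func (o *operation) UpdateMetadata(msg string) {
	fmt.Println(msg) // in LXD this would be surfaced to clients polling the operation
}

type instance struct {
	Name    string
	Project string
	Target  string
}

// evacuateInstances emits the kind of per-instance status updates described above.
func evacuateInstances(op *operation, instances []instance) {
	for _, inst := range instances {
		op.UpdateMetadata(fmt.Sprintf("Stopping instance %s in project %s", inst.Name, inst.Project))
		op.UpdateMetadata(fmt.Sprintf("Migrating instance %s in project %s to %s", inst.Name, inst.Project, inst.Target))
		op.UpdateMetadata(fmt.Sprintf("Starting instance %s in project %s", inst.Name, inst.Project))
	}
}

func main() {
	evacuateInstances(&operation{}, []instance{{Name: "web1", Project: "default", Target: "node2"}})
}
```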

Marked this as implemented. The code was merged today and I just sent an additional PR to improve documentation coverage for it. It’ll be available to users in LXD 4.17.

I’ve been waiting for something like a “maintenance mode” for a long time, and I’m excited to see it happening!

Can you give some technical details surrounding the requirements for this?

I’m wondering if this is some sort of backend lxc move where the container has to stop, move, and then start. Or if it’s a live migration where I need to figure out CRIU and Ceph ahead of time for each node in my cluster.

Currently there are 3 options (for cluster.evacuate); a rough sketch of the resulting behaviour follows the list:

  • auto (will migrate unless the instance relies on devices which can’t be moved)
  • migrate (forces a migration but may fail if devices are incompatible with target)
  • stop (just stops the instance, won’t attempt to move)
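Here is a small sketch of how those options might translate into a per-instance decision; the struct fields and device check are assumptions for illustration, not LXD's actual implementation:

```go
package main

import "fmt"

// instance carries just enough state to illustrate the decision; the field
// names and the device check are assumptions, not LXD's actual data model.
type instance struct {
	Name            string
	EvacuateMode    string // value of cluster.evacuate: "auto", "migrate" or "stop"
	HasLocalDevices bool   // e.g. passthrough devices that pin it to this member
}

// evacuationAction sketches how each instance might be handled during evacuation.
func evacuationAction(inst instance) string {
	switch inst.EvacuateMode {
	case "stop":
		return "stop"
	case "migrate":
		return "migrate" // may still fail if devices are incompatible with the target
	default: // "auto"
		if inst.HasLocalDevices {
			return "stop"
		}
		return "migrate"
	}
}

func main() {
	fmt.Println(evacuationAction(instance{Name: "db1", EvacuateMode: "auto", HasLocalDevices: true}))
}
```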

Currently all our migrations are cold migrations, so the evacuation will perform a clean shutdown of the instance (up to the timeout from boot.host_shutdown_timeout), then move it to a new cluster member and start it back up. Stopped instances are also moved away.

If you’re on Ceph, the downtime is much shorter as no data needs to be transferred over the network. Instances that aren’t on Ceph will get migrated the same way lxc move would do it.


FYI, Ganeti (another cluster manager) uses failover (offline move) and migrate (online/live-move).

In our case, the intent is to add live-migrate once we have it working with VMs, and have auto default to live-migrate for any instance matching the required config, then migrate for those that don’t and finally stop for those that can’t be migrated.

That way you should always get the best possible behavior.
