CA-94283: Block VDI-Destroy while HA Enabling/Disabling is in progress

1) Adding new fields to pool-record:
   current_operations and allowed_operations.
2) Block HA `metadata` and `statefile` VDIs deletion while
   HA Enabling/Disabling is in progress.

Signed-off-by: Sharad Yadav <[email protected]>

Author: sharady

ocaml/client_records/record_util.ml

@@ -82,6 +82,10 @@ let string_to_vm_operation x =
   then (raise (Api_errors.Server_error(Api_errors.invalid_value, [ "blocked_operation"; x ])))
   else List.assoc x table
 
+let pool_operation_to_string = function
+  | `ha_enable -> "ha_enable"
+  | `ha_disable -> "ha_disable"
+
 let host_operation_to_string = function
   | `provision -> "provision"
   | `evacuate -> "evacuate"

ocaml/client_records/records.ml

@@ -480,6 +480,12 @@ let pool_record rpc session_id pool =
 				~add_to_map:(fun k v -> Client.Pool.add_to_other_config rpc session_id pool k v)
 				~remove_from_map:(fun k -> Client.Pool.remove_from_other_config rpc session_id pool k)
 				~get_map:(fun () -> (x ()).API.pool_other_config) ();
+			make_field ~name:"allowed-operations" 
+				~get:(fun () -> String.concat "; " (List.map Record_util.pool_operation_to_string (x ()).API.pool_allowed_operations))
+				~get_set:(fun () -> List.map Record_util.pool_operation_to_string (x ()).API.pool_allowed_operations) ();
+			make_field ~name:"current-operations"
+				~get:(fun () -> String.concat "; " (List.map (fun (a,b) -> Record_util.pool_operation_to_string b) (x ()).API.pool_current_operations))
+				~get_set:(fun () -> List.map (fun (a,b) -> Record_util.pool_operation_to_string b) (x ()).API.pool_current_operations) ();
 			make_field ~name:"ha-enabled" ~get:(fun () -> string_of_bool (x ()).API.pool_ha_enabled) ();
 			make_field ~name:"ha-configuration"     ~get:(fun () -> Record_util.s2sm_to_string "; " (x ()).API.pool_ha_configuration) ();
 			make_field ~name:"ha-statefiles" ~get:(fun () -> String.concat "; " (List.map (fun x -> get_uuid_from_ref (Ref.of_string x)) (x ()).API.pool_ha_statefiles)) ();

ocaml/idl/api_errors.ml

@@ -374,6 +374,8 @@ let ballooning_disabled = "BALLOONING_DISABLED"
 let ha_host_is_armed = "HA_HOST_IS_ARMED"
 let ha_is_enabled = "HA_IS_ENABLED"
 let ha_not_enabled = "HA_NOT_ENABLED"
+let ha_enable_in_progress = "HA_ENABLE_IN_PROGRESS"
+let ha_disable_in_progress = "HA_DISABLE_IN_PROGRESS"
 let ha_not_installed = "HA_NOT_INSTALLED"
 let ha_host_cannot_see_peers = "HA_HOST_CANNOT_SEE_PEERS"
 let ha_too_few_hosts = "HA_TOO_FEW_HOSTS"

ocaml/idl/datamodel.ml

@@ -1137,6 +1137,10 @@ let _ =
     ~doc:"The operation could not be performed because HA is enabled on the Pool" ();
   error Api_errors.ha_not_enabled [ ]
     ~doc:"The operation could not be performed because HA is not enabled on the Pool" ();
+  error Api_errors.ha_enable_in_progress [ ]
+    ~doc:"The operation could not be performed because HA enable is in progress" ();
+  error Api_errors.ha_disable_in_progress [ ]
+    ~doc:"The operation could not be performed because HA disable is in progress" ();
   error Api_errors.ha_not_installed [ "host" ]
     ~doc:"The operation could not be performed because the HA software is not installed on this host." ();
   error Api_errors.ha_host_cannot_see_peers [ "host"; "all"; "subset" ]
@@ -5978,6 +5982,12 @@ let crashdump =
      ])
 	()
 
+let pool_operations =
+	Enum ("pool_allowed_operations",
+		[ "ha_enable", "Indicates this pool is in the process of enabling HA";
+			"ha_disable", "Indicates this pool is in the process of disabling HA";
+		])
+
 let pool_enable_ha = call
   ~in_product_since:rel_miami
   ~name:"enable_ha"
@@ -6604,8 +6614,8 @@ let pool =
 			; pool_disable_ssl_legacy
 			]
 		~contents:
-			[uid ~in_oss_since:None _pool
-			; field ~in_oss_since:None ~qualifier:RW ~ty:String "name_label" "Short name"
+			([uid ~in_oss_since:None _pool] @
+			[ field ~in_oss_since:None ~qualifier:RW ~ty:String "name_label" "Short name"
 			; field ~in_oss_since:None ~qualifier:RW ~ty:String "name_description" "Description"
 			; field ~in_oss_since:None ~qualifier:DynamicRO ~ty:(Ref _host) "master" "The host that is pool master"
 			; field ~in_oss_since:None ~qualifier:RW ~ty:(Ref _sr) "default_SR" "Default SR for VDIs"
@@ -6635,7 +6645,7 @@ let pool =
 			; field ~in_oss_since:None ~in_product_since:rel_boston ~qualifier:DynamicRO ~ty:(Set (Ref _vdi)) "metadata_VDIs" "The set of currently known metadata VDIs for this pool"
 			; field ~in_oss_since:None ~in_product_since:rel_dundee ~qualifier:DynamicRO ~default_value:(Some (VString "xhad")) ~ty:String "ha_cluster_stack" "The ha cluster manager stack"
 
-			]
+			] @ (allowed_and_current_operations pool_operations) )
 		()
 
 (** Auth class *)

ocaml/test/test_common.ml

@@ -125,7 +125,8 @@ let make_pool ~__context ~master ?(name_label="") ?(name_description="")
 		?(gui_config=[]) ?(health_check_config=[]) ?(wlb_url="") ?(wlb_username="") ?(wlb_password=Ref.null)
 		?(wlb_enabled=false) ?(wlb_verify_cert=false) ?(redo_log_enabled=false)
 		?(redo_log_vdi=Ref.null) ?(vswitch_controller="") ?(restrictions=[])
-		?(other_config=[Xapi_globs.memory_ratio_hvm; Xapi_globs.memory_ratio_pv]) 
+		?(current_operations=[]) ?(allowed_operations=[])
+		?(other_config=[Xapi_globs.memory_ratio_hvm; Xapi_globs.memory_ratio_pv])
 		?(ha_cluster_stack="xhad") () =
 	let pool_ref = Ref.make () in
 	Db.Pool.create ~__context ~ref:pool_ref
@@ -135,6 +136,7 @@ let make_pool ~__context ~master ?(name_label="") ?(name_description="")
 		~ha_plan_exists_for ~ha_allow_overcommit ~ha_overcommitted ~blobs ~tags
 		~gui_config ~health_check_config ~wlb_url ~wlb_username ~wlb_password ~wlb_enabled
 		~wlb_verify_cert ~redo_log_enabled ~redo_log_vdi ~vswitch_controller
+		~current_operations ~allowed_operations
 		~restrictions ~other_config ~ha_cluster_stack;
 	pool_ref
 

ocaml/xapi/OMakefile

@@ -239,6 +239,7 @@ XAPI_MODULES = $(COMMON) \
 	xapi_logs_download \
 	xapi_vncsnapshot \
 	xapi_pool \
+	xapi_pool_helpers \
 	xapi_upgrade \
 	xapi_blob \
 	xapi_message \

ocaml/xapi/dbsync_master.ml

@@ -34,6 +34,7 @@ let create_pool_record ~__context =
 			~ha_host_failures_to_tolerate:0L ~ha_plan_exists_for:0L ~ha_allow_overcommit:false ~ha_overcommitted:false ~blobs:[] ~tags:[] ~gui_config:[] ~health_check_config:[]
 			~wlb_url:"" ~wlb_username:"" ~wlb_password:Ref.null ~wlb_enabled:false ~wlb_verify_cert:false
 			~redo_log_enabled:false ~redo_log_vdi:Ref.null ~vswitch_controller:"" ~restrictions:[]
+			~current_operations:[] ~allowed_operations:[]
 			~other_config:[
 				Xapi_globs.memory_ratio_hvm;
 				Xapi_globs.memory_ratio_pv;

ocaml/xapi/message_forwarding.ml

@@ -647,6 +647,26 @@ module Forward = functor(Local: Custom_actions.CUSTOM_ACTIONS) -> struct
 	module Pool = struct
 		include Local.Pool
 
+		(** Add to the Pool's current operations, call a function and then remove from the
+			current operations. Ensure the allowed_operations are kept up to date. *)
+		let with_pool_operation ~__context ~self ~doc ~op f =
+			let task_id = Ref.string_of (Context.get_task_id __context) in
+			retry_with_global_lock ~__context ~doc
+				(fun () ->
+					Xapi_pool_helpers.assert_operation_valid ~__context ~self ~op;
+					Db.Pool.add_to_current_operations ~__context ~self ~key:task_id ~value:op);
+					Xapi_pool_helpers.update_allowed_operations ~__context ~self;
+			(* Then do the action with the lock released *)
+			finally f
+				(* Make sure to clean up at the end *)
+				(fun () ->
+					try
+						Db.Pool.remove_from_current_operations ~__context ~self ~key:task_id;
+						Xapi_pool_helpers.update_allowed_operations ~__context ~self;
+						Early_wakeup.broadcast (Datamodel._pool, Ref.string_of self);
+					with
+						_ -> ())
+
 		let eject ~__context ~host =
 			info "Pool.eject: pool = '%s'; host = '%s'" (current_pool_uuid ~__context) (host_uuid ~__context host);
 			let local_fn = Local.Pool.eject ~host in
@@ -663,11 +683,19 @@ module Forward = functor(Local: Custom_actions.CUSTOM_ACTIONS) -> struct
 				(String.concat ", " (List.map Ref.string_of heartbeat_srs))
 				(String.concat "; " (List.map (fun (k, v) -> k ^ "=" ^ v) configuration))
 				cluster_stack ;
-			Local.Pool.enable_ha __context heartbeat_srs configuration cluster_stack
+			let pool = Helpers.get_pool ~__context in
+			with_pool_operation ~__context ~doc:"Pool.ha_disable" ~self:pool ~op:`ha_disable
+				(fun () ->
+					Local.Pool.enable_ha __context heartbeat_srs configuration cluster_stack
+				)
 
 		let disable_ha ~__context =
 			info "Pool.disable_ha: pool = '%s'" (current_pool_uuid ~__context);
-			Local.Pool.disable_ha __context
+			let pool = Helpers.get_pool ~__context in
+			with_pool_operation ~__context ~doc:"Pool.ha_disable" ~self:pool ~op:`ha_disable
+				(fun () ->
+					Local.Pool.disable_ha __context
+				)
 
 		let ha_prevent_restarts_for ~__context ~seconds =
 			info "Pool.ha_prevent_restarts_for: pool = '%s'; seconds = %Ld" (current_pool_uuid ~__context) seconds;

ocaml/xapi/xapi_pool_helpers.ml

@@ -0,0 +1,90 @@
+(*
+ * Copyright (C) 2006-2009 Citrix Systems Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation; version 2.1 only. with the special
+ * exception on linking described in file LICENSE.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *)
+
+module D=Debug.Make(struct let name="xapi" end)
+open D
+
+open Db_filter
+open Record_util
+open Threadext
+open Api_errors
+
+let all_operations = [ `ha_enable; `ha_disable ]
+
+(** Returns a table of operations -> API error options (None if the operation would be ok) *)
+let valid_operations ~__context record _ref' =
+	let _ref = Ref.string_of _ref' in
+	let current_ops = List.map snd record.Db_actions.pool_current_operations in
+
+	let table = Hashtbl.create 10 in
+	List.iter (fun x -> Hashtbl.replace table x None) all_operations;
+	let set_errors (code: string) (params: string list) (ops: API.pool_allowed_operations_set) =
+		List.iter (fun op ->
+			if Hashtbl.find table op = None
+				then Hashtbl.replace table op (Some(code, params))) ops in
+
+	(* HA enable or disable cannot run if HA enable is in progress *)
+	if List.mem `ha_enable current_ops
+		then begin
+			set_errors Api_errors.ha_enable_in_progress [] [ `ha_enable ];
+			set_errors Api_errors.ha_enable_in_progress [] [ `ha_disable ]
+		end;
+	(* HA enable or disable cannot run if HA disable is in progress *)
+	if List.mem `ha_disable current_ops
+		then begin
+			set_errors Api_errors.ha_disable_in_progress [] [ `ha_enable ];
+			set_errors Api_errors.ha_disable_in_progress [] [ `ha_disable ]
+		end;
+	
+	(* HA disable cannot run if HA is already disabled on a pool *)
+	(* HA enable cannot run if HA is already enabled on a pool *)
+	let ha_enabled = Db.Pool.get_ha_enabled ~__context ~self:(Helpers.get_pool ~__context) in
+	if ha_enabled then
+		set_errors Api_errors.ha_is_enabled [] [ `ha_enable ]
+	else
+		set_errors Api_errors.ha_not_enabled [] [ `ha_disable ];
+	
+	table
+
+let throw_error table op =
+	if not(Hashtbl.mem table op)
+		then raise (Api_errors.Server_error(Api_errors.internal_error, [ Printf.sprintf "xapi_pool_helpers.assert_operation_valid unknown operation: %s" (pool_operation_to_string op) ]));
+
+	match Hashtbl.find table op with
+	| Some (code, params) -> raise (Api_errors.Server_error(code, params))
+	| None -> ()
+
+let assert_operation_valid ~__context ~self ~(op:API.pool_allowed_operations) =
+	let all = Db.Pool.get_record_internal ~__context ~self in
+	let table = valid_operations ~__context all self in
+	throw_error table op
+
+let update_allowed_operations ~__context ~self : unit =
+	let all = Db.Pool.get_record_internal ~__context ~self in
+	let valid = valid_operations ~__context all self in
+	let keys = Hashtbl.fold (fun k v acc -> if v = None then k :: acc else acc) valid [] in
+	Db.Pool.set_allowed_operations ~__context ~self ~value:keys
+
+(* Checks whether HA enable is in progress *)
+let ha_enable_in_progress ~__context =
+	let pool = Helpers.get_pool ~__context in
+	let current_ops = Db.Pool.get_current_operations ~__context ~self:pool in
+	if List.exists (fun (_, x) -> x = `ha_enable) current_ops then true else false
+
+(* Checks whether HA disable is in progress *)
+let ha_disable_in_progress ~__context =
+	let pool = Helpers.get_pool ~__context in
+	let current_ops = Db.Pool.get_current_operations ~__context ~self:pool in
+	if List.exists (fun (_, x) -> x = `ha_disable) current_ops then true else false
+

ocaml/xapi/xapi_vdi.ml

@@ -139,6 +139,10 @@ let check_operation_error ~__context ?(sr_records=[]) ?(pbd_records=[]) ?(vbd_re
 						else
 							if ha_enabled && List.mem record.Db_actions.vDI_type [ `ha_statefile; `redo_log ]
 							then Some (Api_errors.ha_is_enabled, [])
+							else if List.mem record.Db_actions.vDI_type [`ha_statefile; `metadata ] && Xapi_pool_helpers.ha_enable_in_progress ~__context
+							then Some (Api_errors.ha_enable_in_progress, [])
+							else if List.mem record.Db_actions.vDI_type [`ha_statefile; `metadata ] && Xapi_pool_helpers.ha_disable_in_progress ~__context
+							then Some (Api_errors.ha_disable_in_progress, [])
 							else
 								if not Smint.(has_capability Vdi_delete sm_features)
 								then Some (Api_errors.sr_operation_not_supported, [Ref.string_of sr])