CP-47656 VM anti-affinity generate breach alert #5605
Conversation
|
The first commit is to resolve dependency cycling issue if we call @LunfanZhang , would you please include such commit message in the first commit? Thanks~ And the title in the commit message is too long now. |
LunfanZhang
force-pushed
the
private/luzhan_official/CP-47656
branch
from
cedd82a
to
bcd8481
Compare
|
@LunfanZhang For this code change, I think we should also make sure no alert is generated/dismissed when no change in the state of VM anti-affinity, like below scenarios should also be tested:
|
toolstack restart and VM paused -> shutdown has been verified. there will no alerts generate |
Stopping or suspending a VM might also trigger an alert. |
Starting or resuming a VM might also dismiss an alert. |
Moving a VM from one anti-affinity group to another might also dismiss an alert. |
LunfanZhang
force-pushed
the
private/luzhan_official/CP-47656
branch
from
0e7e391
to
ce8d1a9
Compare
|
|
||
| val maybe_update_alerts_on_feature_change : | ||
| __context:Context.t | ||
| -> old_restrictions:(string * string) list |
There was a problem hiding this comment.
What are these assoc lists representing and what strings are expected here?
There was a problem hiding this comment.
The assoc list here is represent the (Feature, restriction of this feature) which get from Db.Pool.get_restrictions, we want to get the restriction change of the anti-affinity feature, especially from restriction true -> false or false -> true, the breach alert should generate or remove.
There was a problem hiding this comment.
This needs to be documented in the MLI file; might want to use an example to make the syntax for strings obvious.
There was a problem hiding this comment.
I have updated the MLI file with clearer parameter explanations
There was a problem hiding this comment.
Yeah, I pushed the change
There was a problem hiding this comment.
I just updated it again to include a simple example.
| |> function | ||
| | [] | [_] -> | ||
| None | ||
| | h :: remaining -> |
There was a problem hiding this comment.
What is the purpose of this code? Please add a comment. It also looks not efficient.
There was a problem hiding this comment.
This code snippet checks the breach state of a group and returns the host that is in breach. When there are no VMs or only one VM in the group, it is not a breach. and, when there are two or more VMs and all of them are on the same host, it is a breach, and the specific host is returned.
In this context, h represents the host of the first VM, and remaining represents the other hosts. We compare h with the remaining hosts to determine whether the group is breached or not.
There was a problem hiding this comment.
Would it be easier to express this using sets?
There was a problem hiding this comment.
I think both approaches are fine, and the current method is more easily extendable if the breach rule were to change in the future.
There was a problem hiding this comment.
Hi @lindig, I have resolved all the comments above, if there are no more comments, could help me to approve this PR? :-)
There was a problem hiding this comment.
I asked to add a code comment or some other documentation that explains this code but I don't see it.
There was a problem hiding this comment.
Ah, sorry, I misunderstood the comment you mentioned. I assumed you were asking to add a comment in this conversion. I have added the comments for this function now. I think it's fine.
LunfanZhang
force-pushed
the
private/luzhan_official/CP-47656
branch
2 times, most recently
from
a04d146
to
68b33ab
Compare
|
@LunfanZhang Would you please update the commit message of the first commit?
|
LunfanZhang
force-pushed
the
private/luzhan_official/CP-47656
branch
from
68b33ab
to
770f560
Compare
Updated |
LunfanZhang
force-pushed
the
private/luzhan_official/CP-47656
branch
2 times, most recently
from
4431267
to
d6d9454
Compare
| Each entry in the list contains a feature identifier and its corresponding restriction status. | ||
| Example: | ||
| [ | ||
| ("restrict_vlan", "true"); |
There was a problem hiding this comment.
Is the value in the key/value always true/false? If so, why is it a string and not a bool?
There was a problem hiding this comment.
Yes. It's always either "true" string or "false" string.
They are read from the XAPI DB. Converting them to true or false boolean would be more efficient?
There was a problem hiding this comment.
The string-based API invites errors if the only possible values are true/false but strings are accepted instead of just boolean values. It does not matter where the client obtains the values.
Would you please add more description to the commit message to make it better: |
There was a problem hiding this comment.
@LunfanZhang
I have another thought here: would you please also update the commit message of the 2nd commit, to add some description of how the alert will be triggered in what scenarios. This will make the commit history easy to understand without having to read the code, thank you!
Resolve dependency cycling issue if we call Xapi_alerts inside pool_features. Error: dependency cycle between modules in _build/default/ocaml/xapi: Xha_statefile -> Sm -> Sm_exec -> Xapi_session -> Pool_features -> Xapi_vm_group_helpers -> Xapi_alert -> Xapi_http -> Xapi_session Signed-off-by: Lunfan Zhang <Lunfan.Zhang@cloud.com>
LunfanZhang
force-pushed
the
private/luzhan_official/CP-47656
branch
from
d6d9454
to
8281c25
Compare
The generation of breach alerts during operations on VMs or groups, triggered when all running VMs within a group are breached (i.e., placed on the same host). The following may generate or dismiss alerts: Starting and resuming a VM. Stopping and suspending a VM. Pausing and unpausing a VM. Migrating a VM. Moving a VM from one group to another. Destroying a VM group. Changing the license from Premium to Standard dismisses all breach alerts, while changing from Standard to Premium generates them. In other scenarios, such as when a VM changes state from paused to shutdown, rebooting the VM will not trigger or dismiss alerts. Signed-off-by: Lunfan Zhang <Lunfan.Zhang@cloud.com>
LunfanZhang
force-pushed
the
private/luzhan_official/CP-47656
branch
2 times, most recently
from
86d8166
to
22259d0
Compare
gangj
merged commit da8ad7f
into
xapi-project:feature/vm-anti-affinity
This PR introduces the generation of breach alerts during operations on VMs or groups, triggered when all VMs within a group are breached (i.e., placed on the same host).
Test scenarios covered in this PR include:
Additionally, the
pool_featurehas been split into two parts,pool_featureandpool_feature_helpers, to address dependency cycles.Error: dependency cycle between modules in _build/default/ocaml/xapi: Xha_statefile -> Sm -> Sm_exec -> Xapi_session -> Pool_features -> Xapi_vm_group_helpers -> Xapi_alert -> Xapi_http -> Xapi_session