2021209 – [4.8.z] Unexpected killing of virt-launcher pod, can result in loss of data for hotplugged volumes

Bug 2021209 - [4.8.z] Unexpected killing of virt-launcher pod, can result in loss of data for hotplugged volumes

Summary: [4.8.z] Unexpected killing of virt-launcher pod, can result in loss of data f...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Container Native Virtualization (CNV)
Classification:	Red Hat
Component:	Storage
Sub Component:
Version:	4.8.0
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	4.8.4
Assignee:	Adam Litke
QA Contact:	Yan Du
Docs Contact:
URL:
Whiteboard:
Depends On:	2007397
Blocks:	2013662
TreeView+	depends on / blocked

Reported:	2021-11-08 15:04 UTC by Adam Litke
Modified:	2021-11-29 14:53 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	2007397
Environment:
Last Closed:	2021-11-29 14:53:45 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Adam Litke 2021-11-08 15:04:47 UTC

+++ This bug was initially created as a clone of Bug #2007397 +++

Description of problem:
When the virt-launcher pod is killed unexpectedly, there is a possiblity that any hotplugged filesystem volumes will have their disk.img file removed from the backing storage.

Version-Release number of selected component (if applicable):


How reproducible:
Intermittent.

Steps to Reproduce:
1. Start a VM and create a volume then hotplug that volume into the VM.
2. At this point there are 2 pods, the virt-launcher pod and the attachment pod (hpvolume-xyz)
3. Force delete the virt-launcher pod: kubectl delete pod virt-launcher-xyz-abcd --force --graceperiod=0
4. This will terminate the virt-launcer pod, and put the VMI into failed state.
5. Check the contents of the volume you created in step 1. There should be a disk.img file. But a small number of times the disk.img will not be there. The following scenario happened:
- The virt-launcher pod is deleted, since we use an emptyDir as the point that mounts the disk.img file, there is now a race between the kubelet (which will empty the content of the emptyDir) and virt-handler. Virt-handler will notice the pod is gone, and go ahead and unmount all the hotplugged volumes from the virt-launcher pod. If virt-handler is run first, then there is no problem and everything is fine. However if the kubelet runs first, it will remove the contents of the emptyDir, which includes the bind mounted disk.img files. This will then also remove the file from the source volume.

Actual results:
A small percentage of times, the disk.img file disappears due to the kubelet winning the race and clearing the emptyDir before virt-handler can unmount the volumes

Expected results:
There is no race, and virt-handler always gets to unmount first. Or some other way of ensuring that 100% of the time, no data is lost.

Additional info:
It is unlikely the U/S kubernetes community will accept patches that modify the emptyDir behavior of blindly wiping the contents of the emptyDir. We have to find a different solution.

--- Additional comment from Maya Rashish on 2021-10-13 09:29:22 UTC ---

There's already a backport merged for v4.9, but the target release is v4.10. Do you want to duplicate this bug for v4.9?

--- Additional comment from Alexander Wels on 2021-10-13 13:03:47 UTC ---

Yeah we need a duplication with a target of 4.9.1

--- Additional comment from Yan Du on 2021-10-27 05:38:44 UTC ---

Run the test 100 times and issue could not be reproduced. Move bug to Verified
CNV v4.10.0-218

--- Additional comment from Adam Litke on 2021-11-02 13:37:06 UTC ---

This is in 4.9.0.  Updating target release.

--- Additional comment from Yan Du on 2021-11-03 11:36:39 UTC ---

There is another bug for 4.9.0 #2013662

Note You need to log in before you can comment on or make changes to this bug.