Recover from a failed compute node

admin

Recover from a failed compute node
' j# [& C4 V+ m0 p# pupdated: 2018-12-18 05:07
Recover from a failed compute node¶
1 ^0 j) K) T2 @, \& I0 XIf you deploy Compute with a shared file system, you can use several methods to quickly recover from a node failure. This section discusses manual recovery.

: b2 t( c) ?' `Evacuate instances¶
If a hardware malfunction or other error causes the cloud compute node to fail, you can use the nova evacuate command to evacuate instances. See evacuate instances for more information on using the command.
. _- d5 p* o* i5 H* R! [3 J; [, {
7 }2 l8 o7 ~+ NManual recovery¶
To manually recover a failed compute node:

; M3 |4 X4 k+ v% B( K4 Z. nIdentify the VMs on the affected hosts by using a combination of the openstack server list and openstack server show commands or the euca-describe-instances command.

For example, this command displays information about the i-000015b9 instance that runs on the np-rcc54 node:
* m* y: X) R) i. @' t
$ euca-describe-instances
; Z/ P6 q. I' _6 ~8 ^" Qi-000015b9 at3-ui02 running nectarkey (376, np-rcc54) 0 m1.xxlarge 2012-06-19T00:48:11.000Z 115.146.93.60
# t$ _& m/ U$ b. n. aQuery the Compute database for the status of the host. This example converts an EC2 API instance ID to an OpenStack ID. If you use the nova commands, you can substitute the ID directly. This example output is truncated:
/ o& z! `5 {8 u7 ]: S9 j$ ?
mysql> SELECT * FROM instances WHERE id = CONV('15b9', 16, 10) \G;
' v( @; k4 T$ P. S9 }3 [% E4 }*************************** 1. row ***************************
created_at: 2012-06-19 00:48:11
' r3 d; T5 N3 ?" r, @/ qupdated_at: 2012-07-03 00:35:11
2 N" k' M  r* {7 t* |1 edeleted_at: NULL
0 X% b* L6 H1 @- M" d...
id: 5561
...
( N: p" M' _) F$ k! kpower_state: 5
vm_state: shutoff
8 g! E5 X, B+ R& ~  \...
hostname: at3-ui02
host: np-rcc54
...
( [5 c( U  G7 z0 y/ Y9 Cuuid: 3f57699a-e773-4650-a443-b4b37eed5a06
...
task_state: NULL
- S/ @3 F- i% D5 ?...
: _) o7 Y. k& _' \0 H% v! iNote
! L1 z8 }6 H( Q+ Y( b
# l" o: W6 \4 h1 r7 `5 eFind the credentials for your database in /etc/nova.conf file.
# c! V9 Q3 B. p! k) ~
. D7 C  x% ]+ F7 j. W) \- kDecide to which compute host to move the affected VM. Run this database command to move the VM to that host:
1 \+ t8 X% P; r7 a6 t! ?
mysql> UPDATE instances SET host = 'np-rcc46' WHERE uuid = '3f57699a-e773-4650-a443-b4b37eed5a06';
If you use a hypervisor that relies on libvirt, such as KVM, update the libvirt.xml file in /var/lib/nova/instances/[instance ID] with these changes:
$ D8 z4 W  Y( g  p6 D
3 f* G! ~# @/ Q6 v2 i" v) uChange the DHCPSERVER value to the host IP address of the new compute host.
. c6 \: p& X2 e9 V6 W! G  dUpdate the VNC IP to 0.0.0.0.
+ `1 R+ V1 D3 \  e5 w$ \; }* fReboot the VM:

' `3 c  Y5 v4 K- {! Q4 [+ W4 S$ openstack server reboot 3f57699a-e773-4650-a443-b4b37eed5a06
. j  d2 V2 f# o8 t4 e! L3 KTypically, the database update and openstack server reboot command recover a VM from a failed host. However, if problems persist, try one of these actions:
: K8 i5 j1 F, @+ E0 A& C4 ?
Use virsh to recreate the network filter configuration.
Restart Compute services.
% ?1 T5 {9 @( M! KUpdate the vm_state and power_state fields in the Compute database.
Recover from a UID/GID mismatch¶
; N+ s4 L- Z' a# l# ]Sometimes when you run Compute with a shared file system or an automated configuration tool, files on your compute node might use the wrong UID or GID. This UID or GID mismatch can prevent you from running live migrations or starting virtual machines.
/ t  q9 o$ L$ |; q. k
This procedure runs on nova-compute hosts, based on the KVM hypervisor:

Set the nova UID to the same number in /etc/passwd on all hosts. For example, set the UID to 112.

+ B+ h% e0 R" }Note

Choose UIDs or GIDs that are not in use for other users or groups.
) I1 {; o, T6 B- m! m
Set the libvirt-qemu UID to the same number in the /etc/passwd file on all hosts. For example, set the UID to 119.
4 U( c0 @' h) u: G
! U( ^( S2 X/ F$ ~& h$ ]; k9 XSet the nova group to the same number in the /etc/group file on all hosts. For example, set the group to 120.

8 u3 j; k. D  U* y. DSet the libvirtd group to the same number in the /etc/group file on all hosts. For example, set the group to 119.

! @3 l$ W0 e9 N2 l: S8 Q2 @7 vStop the services on the compute node.

Change all files that the nova user or group owns. For example:

# find / -uid 108 -exec chown nova {} \;
# note the 108 here is the old nova UID before the change
5 k+ L/ l7 i; X7 x' N' z  f" e# find / -gid 120 -exec chgrp nova {} \;
# G. `* D8 y1 ~: G" ~' q" J: pRepeat all steps for the libvirt-qemu files, if required.
7 U6 X& H: H/ y& {- N" J( w
Restart the services.

To verify that all files use the correct IDs, run the find command.
2 W  n' ~1 s* `3 ~. M" Q# B5 J' P
! v1 s( [+ N+ p, ?& I7 U& h6 lRecover cloud after disaster¶
This section describes how to manage your cloud after a disaster and back up persistent storage volumes. Backups are mandatory, even outside of disaster scenarios.
  ]& W5 \3 s9 y  l2 ?( f. n
For a definition of a disaster recovery plan (DRP), see https://en.wikipedia.org/wiki/Disaster_Recovery_Plan.
! i. R; ]$ s- t: f. D
! G7 N% \6 b' i6 Y  l) U7 L% pA disk crash, network loss, or power failure can affect several components in your cloud architecture. The worst disaster for a cloud is a power loss. A power loss affects these components:
0 A' t0 O/ Y7 l& ]( S! P
A cloud controller (nova-api, nova-objectstore, nova-network)
9 }% j4 J4 ]8 N' DA compute node (nova-compute)
) k1 V% K, D$ J% g3 M6 pA storage area network (SAN) used by OpenStack Block Storage (cinder-volumes)
9 P: }/ s/ {0 q# n( V3 vBefore a power loss:

Create an active iSCSI session from the SAN to the cloud controller (used for the cinder-volumes LVM's VG).
1 ~3 t& [1 m7 w8 q/ j) ]6 {; wCreate an active iSCSI session from the cloud controller to the compute node (managed by cinder-volume).
* B& I5 V6 }" x( H! ^Create an iSCSI session for every volume (so 14 EBS volumes requires 14 iSCSI sessions).
) N6 \% |  ^+ u2 j& aCreate iptables or ebtables rules from the cloud controller to the compute node. This allows access from the cloud controller to the running instance.
# B! S6 M5 _' n( A* USave the current state of the database, the current state of the running instances, and the attached volumes (mount point, volume ID, volume status, etc), at least from the cloud controller to the compute node.
4 m1 ?9 D' I1 P7 NAfter power resumes and all hardware components restart:
. T, c1 Z' ?' C* h# T
2 `9 }9 n& }8 b( j9 \The iSCSI session from the SAN to the cloud no longer exists.

% M3 c! m! a! FThe iSCSI session from the cloud controller to the compute node no longer exists.
7 m1 v5 ]3 F: I) `
nova-network reapplies configurations on boot and, as a result, recreates the iptables and ebtables from the cloud controller to the compute node.
0 E. q2 m/ k4 T7 l; B+ z, e0 c
Instances stop running.
7 `- l! S% L* g: s$ M" k; `- [
Instances are not lost because neither destroy nor terminate ran. The files for the instances remain on the compute node.

8 q( P' H! m# sThe database does not update.

Begin recovery

8 z0 n: \6 S! {( W6 B: e4 ^, R+ FWarning
' K4 ], Q  \3 X# K
Do not add any steps or change the order of steps in this procedure.

6 H: d9 E* o4 e$ i$ Z/ V: BCheck the current relationship between the volume and its instance, so that you can recreate the attachment.
/ W, ?1 Q: i: T
; z/ j& O+ }* _5 t6 uUse the openstack volume list command to get this information. Note that the openstack client can get volume information from OpenStack Block Storage.

1 t! d, A, d. C8 P; I. p0 iUpdate the database to clean the stalled state. Do this for every volume by using these queries:

5 z  l5 s1 u8 [7 ^mysql> use cinder;
$ z( S# M. Z7 Z3 bmysql> update volumes set mountpoint=NULL;
2 r( d1 [! l4 k- `4 J0 umysql> update volumes set status="available" where status <>"error_deleting";
& L3 `" C  M  C5 H0 i4 [mysql> update volumes set attach_status="detached";
mysql> update volumes set instance_id=0;
2 \! U0 D: p6 {$ @. Z. i7 IUse openstack volume list command to list all volumes.
9 [4 {  }% y/ ]9 C( `$ [
Restart the instances by using the openstack server reboot INSTANCE command.
2 O+ m" [+ _9 m+ x3 `
6 m/ [$ j' Y; g1 mImportant

Some instances completely reboot and become reachable, while some might stop at the plymouth stage. This is expected behavior. DO NOT reboot a second time.
% ~* x7 X5 C# N0 p% F6 O# P
Instance state at this stage depends on whether you added an /etc/fstab entry for that volume. Images built with the cloud-init package remain in a pending state, while others skip the missing volume and start. You perform this step to ask Compute to reboot every instance so that the stored state is preserved. It does not matter if not all instances come up successfully. For more information about cloud-init, see help.ubuntu.com/community/CloudInit/.
9 O& O) l/ H) H' n5 d# h, @! _5 ]
If required, run the openstack server add volume command to reattach the volumes to their respective instances. This example uses a file of listed volumes to reattach them:
5 N- \0 y1 V' g* W* T
#!/bin/bash
3 {# ~0 d, Y$ l0 u
' U2 J: m+ h" D: O4 Uwhile read line; do
; T& L1 T9 R) l4 x    volume=`echo $line | $CUT -f 1 -d " "`
) s( r5 H. ]7 n6 o9 P6 j2 K. {    instance=`echo $line | $CUT -f 2 -d " "`
- @4 Z# T2 l2 Y1 H3 Y    mount_point=`echo $line | $CUT -f 3 -d " "`
        echo "ATTACHING VOLUME FOR INSTANCE - $instance"
+ A* B7 m! R4 x, ^$ Z    openstack server add volume $instance $volume $mount_point
    sleep 2
7 r% V$ }. b5 _1 ^1 Hdone < $volumes_tmp_file
Instances that were stopped at the plymouth stage now automatically continue booting and start normally. Instances that previously started successfully can now see the volume.

Log in to the instances with SSH and reboot them.
& E( E( p" A: Z' l4 e4 J; C
If some services depend on the volume or if a volume has an entry in fstab, you can now restart the instance. Restart directly from the instance itself and not through nova:

# shutdown -r now
When you plan for and complete a disaster recovery, follow these tips:

Use the errors=remount option in the fstab file to prevent data corruption.

In the event of an I/O error, this option prevents writes to the disk. Add this configuration option into the cinder-volume server that performs the iSCSI connection to the SAN and into the instances' fstab files.
Do not add the entry for the SAN's disks to the cinder-volume's fstab file.

Some systems hang on that step, which means you could lose access to your cloud-controller. To re-run the session manually, run this command before performing the mount:

! R( `$ d6 [3 N5 j% [# iscsiadm -m discovery -t st -p $SAN_IP $ iscsiadm -m node --target-name $IQN -p $SAN_IP -l
On your instances, if you have the whole /home/ directory on the disk, leave a user's directory with the user's bash files and the authorized_keys file instead of emptying the /home/ directory and mapping the disk on it.

2 R* \# ^  S5 _) k7 D; hThis action enables you to connect to the instance without the volume attached, if you allow only connections through public keys.
) |# d4 t! I4 B2 p5 @4 `2 e
5 ~! [3 h( U# s/ b- ^9 \7 s4 HTo script the disaster recovery plan (DRP), use the https://github.com/Razique bash script.
+ O5 h: a# q5 C* H' J
9 V3 C4 F5 B/ lThis script completes these steps:
( l- U" |, L: B
Creates an array for instances and their attached volumes.
Updates the MySQL database.
Restarts all instances with euca2ools.
3 [; Y7 |# h5 g- E6 wReattaches the volumes.
Uses Compute credentials to make an SSH connection into every instance.
The script includes a test mode, which enables you to perform the sequence for only one instance.

' q' O1 M6 o# e: s5 I2 yTo reproduce the power loss, connect to the compute node that runs that instance and close the iSCSI session. Do not detach the volume by using the openstack server remove volume command. You must manually close the iSCSI session. This example closes an iSCSI session with the number 15:
3 z- v  d6 M# b3 l
/ S- G& c" W4 j, O3 J, E# iscsiadm -m session -u -r 15
/ I9 [3 ~  T+ [( sDo not forget the -r option. Otherwise, all sessions close.

& G9 L, @  w- d# @8 P9 X' {# I' ?$ ]Warning

/ b6 V# N) S* B1 {There is potential for data loss while running instances during this procedure. If you are using Liberty or earlier, ensure you have the correct patch and set the options appropriately.
5 m1 p6 m+ Z3 B, b
updated: 2018-12-18 05:07