-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
azure: Add check to verify image id #1846
azure: Add check to verify image id #1846
Conversation
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmm, like we discussed offline, I am not convinced this a good approach. I think this very check is already performed by the createVM
api call and I'm not sure what the additional value is by doing it manually.
If we would start checking preconditons before vm start, why stop at the image, we could check for subnet id, iam rights, instance size availability in a region, etc...
So i checked without this pre image checking condition multiple network interfaces are being created even if image is not available until the range of available addresses is full, so looks like CreateVM api call doesn't actually prevent that as it was created as part of Also we have started with checking for image existence as that was our major concern as might be the case image is deleted or not present in that particular region. We can later on extend this to add more pre checks. |
This will plug a particular hole (i.e. image doesn't exist in this region) but there are multiple other ways VM creation can fail, even if the image is present, I don't think we can reasonably cover all those error cases. So, for example, if we're not allowed to spawn a VM in the resource group, because of a typo, we will run into the same problems. 2 questions: result, err := p.create(ctx, vmParameters)
if err != nil {
if err := p.deleteDisk(context.Background(), diskName); err != nil {
logger.Printf("deleting disk (%s): %s", diskName, err)
}
if err := p.deleteNetworkInterfaceAsync(context.Background(), nicName); err != nil {
logger.Printf("deleting nic async (%s): %s", nicName, err)
}
return nil, fmt.Errorf("Creating instance (%v): %s", result, err)
} after a failed VM creation we're supposed to delete the network interface, why do the NICs still leak on failed vm creation? maybe there is a bug in this logic. the other question: do we have to create the network interface in a separate API call? looking at the ARM template documentation it should be possible to specify a subnetId in the vm creation call directly?
|
Add check to verify if podvm image is present Fixes: confidential-containers#1842 Signed-off-by: Kartik Joshi <[email protected]>
afbda37
to
913b0b9
Compare
@kartikjoshi21 I think the problem with the NIC cleanup not working after a failed VM creation is because it's the deletion operation is async. So it will attempt to
this way you'll end up creation a lot of NICs in a busy loop. I think we should delete the NIC synchronous. That should address the problem. then we don't have to probe for image existence. |
Yess i checked that, looks like this is the problem. I will modify this change. Thanks @mkulke |
this should be superseded by #2056 - a missing image will not cause resource leakage if the resources are passively managed by azure |
Add check to verify if podvm image is present
Fixes: #1842