xapi: report a clear error when host evacuation is blocked by unprotected VMs#7145
Open
olivierlambert wants to merge 1 commit into
Open
xapi: report a clear error when host evacuation is blocked by unprotected VMs#7145olivierlambert wants to merge 1 commit into
olivierlambert wants to merge 1 commit into
Conversation
…cted VMs When HA is enabled on the pool, host.evacuate (and host.restart, which calls it) refuses to plan the evacuation of any VM that is not HA-protected, that is, whose ha_restart_priority is not "restart". This is intentional: the HA planner only accounts for protected VMs, so unprotected ones are excluded from the evacuation plan. The problem is the error reported in that case. compute_evacuation_plan_no_wlb marked every unprotected VM with HOST_NOT_ENOUGH_FREE_MEMORY, and host.evacuate then raised it. That error is misleading in two ways: * It blames free memory, so operators look at RAM on the destination hosts (which is usually plentiful) instead of the real cause. * It was raised with a single parameter (the VM reference) while HOST_NOT_ENOUGH_FREE_MEMORY is documented as taking [needed; available], so clients such as Xen Orchestra render the available memory as "<unknown>". This has confused users for years (see issue xapi-project#4323 and the forum reports linked from it): evacuation fails with HOST_NOT_ENOUGH_FREE_MEMORY even when the destination has tens of GB free, purely because a VM is not HA-protected. Introduce a dedicated error, HOST_EVACUATE_VM_NOT_HA_PROTECTED, carrying the VM reference, and raise it instead for unprotected VMs. The message states the real cause and the ways to resolve it (protect the VM, shut it down or suspend it, or disable HA before evacuating). Behaviour is otherwise unchanged: the evacuation still fails for these VMs, it is just reported correctly. Closes xapi-project#4323 Signed-off-by: Olivier Lambert <olivier.lambert@vates.tech>
minglumlu
approved these changes
Jun 29, 2026
minglumlu
left a comment
minglumlu
left a comment
Member
There was a problem hiding this comment.
It's nice to get rid of the long standing confusing error message.
This comment was marked as duplicate.
This comment was marked as duplicate.
Sorry, something went wrong.
gthvn1
requested changes
Jun 29, 2026
gthvn1
left a comment
gthvn1
left a comment
Contributor
There was a problem hiding this comment.
LGTM. I only don't understand what is the host.restart in the commit message. I don't see such API in XAPI. Is it something higher level? I would consider removing that reference.
psafont
reviewed
Jun 29, 2026
Comment on lines
+766
to
+767
| "The host cannot be evacuated because HA is enabled on the pool and the \ | ||
| VM is not HA-protected (its ha_restart_priority is not set to \ |
Member
There was a problem hiding this comment.
Suggested change
| "The host cannot be evacuated because HA is enabled on the pool and the \ | |
| VM is not HA-protected (its ha_restart_priority is not set to \ | |
| "The host cannot be evacuated because HA is enabled on the pool and a VM \ | |
| running on it is not HA-protected (its ha_restart_priority is not set to \ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
When HA is enabled on a pool,
host.evacuate(andhost.restart, which callsit) refuses to plan the evacuation of any VM that is not HA-protected, that is,
whose
ha_restart_priorityis notrestart. This is by design: the HA planneronly accounts for protected VMs, so unprotected ones are left out of the plan.
The problem is the error reported in that situation.
compute_evacuation_plan_no_wlbmarked every unprotected VM with
HOST_NOT_ENOUGH_FREE_MEMORY, andhost.evacuatethen raised it. That error is misleading in two ways:
(which is usually plentiful) instead of the real cause.
HOST_NOT_ENOUGH_FREE_MEMORYis documented as taking[needed; available].Clients such as Xen Orchestra therefore render the available memory as
<unknown>.This has confused users for years. See #4323 and the forum reports linked from
it: evacuation fails with
HOST_NOT_ENOUGH_FREE_MEMORYeven when the destinationhas tens of GB free, purely because a resident VM is not HA-protected.
How
Introduce a dedicated error,
HOST_EVACUATE_VM_NOT_HA_PROTECTED, carrying the VMreference, and raise it instead for unprotected VMs. The message states the real
cause and the ways to resolve it (set the VM's
ha_restart_prioritytorestart, shut down or suspend the VM, or disable HA before evacuating thehost).
Behaviour is otherwise unchanged: the evacuation still fails for these VMs, it is
just reported correctly.
Files touched:
ocaml/xapi-consts/api_errors.ml: declare the error.ocaml/idl/datamodel_errors.ml: register it with a description.ocaml/xapi/xapi_host.ml: raise it for unprotected VMs in the evacuation plan.Testing
Built and tested on CI (build and test, unit tests, format, CodeChecker and
ShellCheck all green on a fork branch). The change is a pure diagnostic
improvement with no change to which VMs can be evacuated, so no new automated
test is included.
Closes #4323