[pve-devel] Handling 'path' requests during VM deletion

[pve-devel] Handling 'path' requests during VM deletion

[Andrei Perapiolkin via pve-devel]

[-- Attachment #1: Type: message/rfc822, Size: 7000 bytes --]

From: Andrei Perapiolkin <andrei.perepiolkin@open-e.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: [pve-devel] Handling 'path' requests during VM deletion
Date: Thu, 7 Aug 2025 17:34:02 -0400
Message-ID: <ec1c3036-4783-4c3a-baf0-a32d883dc852@open-e.com>

Hi,

VM deletion retries 'path'/'free_image' for already-removed volumes; 
expected plugin behavior on missing volumes is unclear.

When deleting a VM with multiple attached volumes, Proxmox deletes 
volumes sequentially (one at a time) and
updates the VM record only after all deletions complete.
If a volume deletion fails mid-process (e.g., network error), the VM 
record is not updated even though some volumes may have been 
successfully removed.
A subsequent delete attempt repeats all operations, including 'path' 
(and 'free_image') calls for volumes that were already deleted.


What is the proper response to 'path' and 'free_image' calls for a 
volume that no longer exists?
For path, should the call fail (e.g., 'die'), succeed with an empty 
string, or return a 'storage path'?


Tested on Proxmox VE 8.4.0

Best regards,
Andrei Perepiolkin



[-- Attachment #2: Type: text/plain, Size: 160 bytes --]

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] Handling 'path' requests during VM deletion

[Fiona Ebner]

Hi Andrei,

Am 07.08.25 um 11:39 PM schrieb Andrei Perapiolkin via pve-devel:
> Hi,
> 
> VM deletion retries 'path'/'free_image' for already-removed volumes; expected plugin behavior on missing volumes is unclear.
> 
> When deleting a VM with multiple attached volumes, Proxmox deletes volumes sequentially (one at a time) and
> updates the VM record only after all deletions complete.

Could you please file a bug for this: https://bugzilla.proxmox.com ?

> If a volume deletion fails mid-process (e.g., network error), the VM record is not updated even though some volumes may have been successfully removed.
> A subsequent delete attempt repeats all operations, including 'path' (and 'free_image') calls for volumes that were already deleted.
> 
> 
> What is the proper response to 'path' and 'free_image' calls for a volume that no longer exists?
> For path, should the call fail (e.g., 'die'), succeed with an empty string, or return a 'storage path'?

(Most) implementations of path() for plugins shipped by us [0] do not do
any I/O at all and thus don't check if the image actually exist. So you
can return the path, even if the volume does not exist.

Some of our implementations of free_image() fail if the volume does not
exist, some do not. Nothing should break if you indicate success when
free_image() is called and the image does not exist.

[0]:
https://git.proxmox.com/?p=pve-storage.git;a=tree;f=src/PVE/Storage;h=26012be26cb3c24515e99a02e7ad438f29c81646;hb=HEAD

Best Regards,
Fiona


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] Handling 'path' requests during VM deletion

[Andrei Perapiolkin via pve-devel]

[-- Attachment #1: Type: message/rfc822, Size: 8949 bytes --]

From: Andrei Perapiolkin <andrei.perepiolkin@open-e.com>
To: Fiona Ebner <f.ebner@proxmox.com>, Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] Handling 'path' requests during VM deletion
Date: Mon, 8 Sep 2025 16:08:01 -0400
Message-ID: <472f7cfb-f105-4e71-834f-8c3352ee82df@open-e.com>

Hi Fiona,


Thank you for your reply.

I have added a bug report: https://bugzilla.proxmox.com/show_bug.cgi?id=6776


I also decided to return an empty string ('') for volumes that do not exist.

My reasoning is that if I return any path that might actually exist, 
some parts of the Proxmox system could try to open, read, or write to 
this "file,"  unintentionally creating it.
This could corrupt the server’s file system, or consume disk space if 
the server has limited local storage — for example, when the operation 
involves cloning a multi-terabyte data block.

I would like to hear your opinion regarding this conclusion.
Is it acceptable, or should I re-evaluate it?


Best regards,
Andrei Perepiolkin

On 8/14/25 11:11, Fiona Ebner wrote:
> Hi Andrei,
>
> Am 07.08.25 um 11:39 PM schrieb Andrei Perapiolkin via pve-devel:
>> Hi,
>>
>> VM deletion retries 'path'/'free_image' for already-removed volumes; expected plugin behavior on missing volumes is unclear.
>>
>> When deleting a VM with multiple attached volumes, Proxmox deletes volumes sequentially (one at a time) and
>> updates the VM record only after all deletions complete.
> Could you please file a bug for this: https://bugzilla.proxmox.com ?
>
>> If a volume deletion fails mid-process (e.g., network error), the VM record is not updated even though some volumes may have been successfully removed.
>> A subsequent delete attempt repeats all operations, including 'path' (and 'free_image') calls for volumes that were already deleted.
>>
>>
>> What is the proper response to 'path' and 'free_image' calls for a volume that no longer exists?
>> For path, should the call fail (e.g., 'die'), succeed with an empty string, or return a 'storage path'?
> (Most) implementations of path() for plugins shipped by us [0] do not do
> any I/O at all and thus don't check if the image actually exist. So you
> can return the path, even if the volume does not exist.
>
> Some of our implementations of free_image() fail if the volume does not
> exist, some do not. Nothing should break if you indicate success when
> free_image() is called and the image does not exist.
>
> [0]:
> https://git.proxmox.com/?p=pve-storage.git;a=tree;f=src/PVE/Storage;h=26012be26cb3c24515e99a02e7ad438f29c81646;hb=HEAD
>
> Best Regards,
> Fiona
>


[-- Attachment #2: Type: text/plain, Size: 160 bytes --]

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] Handling 'path' requests during VM deletion

[Fiona Ebner]

Am 08.09.25 um 10:07 PM schrieb Andrei Perapiolkin:
> I have added a bug report: https://bugzilla.proxmox.com/show_bug.cgi?
> id=6776

Thanks!

> I also decided to return an empty string ('') for volumes that do not
> exist.
> 
> My reasoning is that if I return any path that might actually exist,
> some parts of the Proxmox system could try to open, read, or write to
> this "file,"  unintentionally creating it.
> This could corrupt the server’s file system, or consume disk space if
> the server has limited local storage — for example, when the operation
> involves cloning a multi-terabyte data block.
> 
> I would like to hear your opinion regarding this conclusion.
> Is it acceptable, or should I re-evaluate it?

I don't think an image would be auto-created, except if the storage or
filesystem is doing that upon open, which would be wrong. The path is
just passed along to QEMU (or qemu-img) and those will abort if it
cannot be opened.

With returning '' you might run into other errors or warnings and since
other plugins don't do this, it's not really tested. You would be more
in line with other plugins by returning the path. Alternatively, using
"die" if the volume doesn't exist, seems a bit nicer too and would be in
line with what the related qemu_blockdev_options() method does.

Best Regards,
Fiona


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel