<fix>[kvm]: prepare nvram folder before migrate VM

Zhang Wenhao · Zhang Wenhao · commit 3d09ff824c36 · 2026-03-19T14:58:31.000+08:00
Before vTPM VM live migration, send a `PrepareOnly` command
to the target host via the `VmPreMigrationExtensionPoint`
to create only the NVRAM directory,
thereby avoiding an error caused by the directory not existing
during migration.

Resolves: ZSV-11524
Related: ZSV-11438

Change-Id: I777875637a7071796d786c6566637875666a6970
diff --git a/conf/springConfigXml/Kvm.xml b/conf/springConfigXml/Kvm.xml
@@ -271,6 +271,7 @@
             <zstack:extension interface="org.zstack.kvm.KVMStartVmExtensionPoint" />
             <zstack:extension interface="org.zstack.header.vm.PreVmInstantiateResourceExtensionPoint" />
             <zstack:extension interface="org.zstack.header.vm.VmInstanceDestroyExtensionPoint" />
+            <zstack:extension interface="org.zstack.header.vm.VmPreMigrationExtensionPoint" />
         </zstack:plugin>
     </bean>
 </beans>
diff --git a/plugin/kvm/src/main/java/org/zstack/kvm/KVMAgentCommands.java b/plugin/kvm/src/main/java/org/zstack/kvm/KVMAgentCommands.java
@@ -2824,6 +2824,8 @@ public static class StartVmResponse extends VmDevicesInfoResponse {
     }
 
     public static class VmHostFileTO {
+        public static final String FORMAT_PREPARE_ONLY = "PrepareOnly";
+
         private String path;
         /**
          * maybe "NvRam" or "TpmState" ...
@@ -2832,9 +2834,13 @@ public static class VmHostFileTO {
         private String type;
         /**
          * maybe "Simple" or "TarballGzip"
+         * if prepare only, use {@link #FORMAT_PREPARE_ONLY}
          * @see VmHostFileContentFormat
          */
         private String fileFormat;
+        /**
+         * null if fileFormat is {@link #FORMAT_PREPARE_ONLY}
+         */
         @NoLogging
         private String contentBase64;
         private String error;
diff --git a/plugin/kvm/src/main/java/org/zstack/kvm/efi/KvmSecureBootExtensions.java b/plugin/kvm/src/main/java/org/zstack/kvm/efi/KvmSecureBootExtensions.java
@@ -3,6 +3,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.zstack.compute.legacy.ComputeLegacyGlobalProperty;
 import org.zstack.compute.vm.VmGlobalConfig;
+import org.zstack.compute.vm.VmSystemTags;
 import org.zstack.compute.vm.devices.VmTpmManager;
 import org.zstack.core.Platform;
 import org.zstack.core.cloudbus.CloudBus;
@@ -24,12 +25,16 @@
 import org.zstack.header.identity.AccountResourceRefVO;
 import org.zstack.header.identity.AccountResourceRefVO_;
 import org.zstack.header.message.MessageReply;
+import org.zstack.header.tpm.entity.TpmVO;
+import org.zstack.header.tpm.entity.TpmVO_;
 import org.zstack.header.vm.DiskAO;
 import org.zstack.header.vm.PreVmInstantiateResourceExtensionPoint;
 import org.zstack.header.vm.VmInstanceDestroyExtensionPoint;
 import org.zstack.header.vm.VmInstanceInventory;
 import org.zstack.header.vm.VmInstanceSpec;
 import org.zstack.header.vm.VmInstantiateResourceException;
+import org.zstack.header.vm.VmMigrationType;
+import org.zstack.header.vm.VmPreMigrationExtensionPoint;
 import org.zstack.header.vm.additions.VmHostBackupFileVO;
 import org.zstack.header.vm.additions.VmHostBackupFileVO_;
 import org.zstack.header.vm.additions.VmHostFileContentFormat;
@@ -72,14 +77,18 @@
 import java.util.Map;
 import java.util.Objects;
 
+import static org.zstack.compute.vm.VmGlobalConfig.ENABLE_UEFI_SECURE_BOOT;
 import static org.zstack.core.Platform.operr;
+import static org.zstack.header.vm.VmMigrationType.HostMigration;
 import static org.zstack.kvm.KVMConstant.*;
+import static org.zstack.utils.CollectionDSL.list;
 import static org.zstack.utils.CollectionUtils.findOneOrNull;
 import static org.zstack.utils.CollectionUtils.transform;
 
 public class KvmSecureBootExtensions implements KVMStartVmExtensionPoint,
         PreVmInstantiateResourceExtensionPoint,
-        VmInstanceDestroyExtensionPoint {
+        VmInstanceDestroyExtensionPoint,
+        VmPreMigrationExtensionPoint {
     private static final CLogger logger = Utils.getLogger(KvmSecureBootExtensions.class);
 
     @Autowired
@@ -160,6 +169,61 @@ private void prepareNvRamToStartVmCmd(KVMAgentCommands.StartVmCmd cmd, DiskAO nv
         }
     }
 
+    @Override
+    public void preVmMigration(VmInstanceInventory vm, VmMigrationType type, String dstHostUuid, Completion completion) {
+        if (HostMigration != type) {
+            completion.success();
+            return;
+        }
+
+        String tpmUuid = Q.New(TpmVO.class)
+                .eq(TpmVO_.vmInstanceUuid, vm.getUuid())
+                .select(TpmVO_.uuid)
+                .findValue();
+        boolean needRegisterNvRam = tpmUuid != null;
+        if (!needRegisterNvRam) {
+            String bootMode = VmSystemTags.BOOT_MODE.getTokenByResourceUuid(vm.getUuid(), VmSystemTags.BOOT_MODE_TOKEN);
+            if (isUefiBootMode(bootMode)) {
+                ResourceConfig resourceConfig = resourceConfigFacade.getResourceConfig(ENABLE_UEFI_SECURE_BOOT.getIdentity());
+                needRegisterNvRam = resourceConfig.getResourceConfigValue(vm.getUuid(), Boolean.class) == Boolean.TRUE;
+            }
+
+            if (!needRegisterNvRam) {
+                completion.success();
+                return;
+            }
+        }
+
+        SimpleFlowChain.of("prepare-nvram-before-vm-" + vm.getUuid() + "-migrate")
+                .then("prepare-nvram-folder-on-dest-host", trigger -> {
+                    VmHostFileTO to = new VmHostFileTO();
+                    to.setPath(buildNvramFilePath(vm.getUuid()));
+                    to.setType(VmHostFileType.NvRam.toString());
+                    to.setFileFormat(VmHostFileTO.FORMAT_PREPARE_ONLY);
+
+                    RewriteVmHostFilesContext context = new RewriteVmHostFilesContext();
+                    context.hostUuid = dstHostUuid;
+                    context.hostFiles = list(to);
+
+                    rewriteVmHostFiles(context, new Completion(trigger) {
+                        @Override
+                        public void success() {
+                            trigger.next();
+                        }
+
+                        @Override
+                        public void fail(ErrorCode errorCode) {
+                            trigger.fail(errorCode);
+                        }
+                    });
+                })
+                // TpmState folder is not needed to prepare
+                .propagateExceptionTo(completion)
+                .done(completion::success)
+                .error(completion::fail)
+                .start();
+    }
+
     public static class SyncVmHostFilesFromHostContext {
         public String hostUuid;
         public String vmUuid;
diff --git a/test/src/test/resources/springConfigXml/Kvm.xml b/test/src/test/resources/springConfigXml/Kvm.xml
@@ -270,6 +270,7 @@
             <zstack:extension interface="org.zstack.kvm.KVMStartVmExtensionPoint" />
             <zstack:extension interface="org.zstack.header.vm.PreVmInstantiateResourceExtensionPoint" />
             <zstack:extension interface="org.zstack.header.vm.VmInstanceDestroyExtensionPoint" />
+            <zstack:extension interface="org.zstack.header.vm.VmPreMigrationExtensionPoint" />
         </zstack:plugin>
     </bean>
 </beans>
