10:20 p.m.
Dan Smith wrote:
JF> While on the subject, I would like to understand the
usefulness of
JF> SnapshotType 32768. This type will save the vm's memory state and
JF> subsequently restore the vm. IMO applying this memory snapshot
JF> later would be quite dangerous. The vm has since been running and
JF> the disk state will be quite different from when the memory snapshot
JF> was taken. Does this make sense or am I not thinking clearly :-)?
That's true, it's not useful (or safe) to do a restore from it again,
once the guest has been restored once. However, if you're looking to
get the memory snapshot for forensic purposes, you would not care to be
able to restore from it again.
Right, that's a valid use case.
Perhaps we should use a different
filename in the case of a save-and-restore snapshot so that we don't
confuse our own logic into thinking that the domain has a valid save
image.
Agreed. Sounds like a good idea.
JF> Finally, invoking CreateSnapshot with SnapshotType 32769 will
save
JF> the vm and leave it powered off. Querying EnabledState shows the vm
JF> Enabled but Offline' (suspended). According to System
JF> Virtualization Profile, one should be able to move a vm in this
JF> state to Enabled by invoking RSC(Enabled) but doing so results in
JF> "snapshot exists, apply snapshot" error. So the behavior diverges
JF> from the spec IMO. It seems the current behavior of SnapshotService
JF> should just be implemented via RSC. CreateSnapshot -> RSC(Enabled
JF> but Offline), ApplySnapshot -> RSC(Enabled)
I thought we had discussed this before on IRC, but perhaps it got lost
in some of the other noise.
We did. I just felt the need to revisit it after playing with the code :-).
It seems a little broken to me to have the services cross each other
with this bit of functionality. While it may seem trivial right now,
since we only ever have one snapshot to restore from, I wonder what
behavior it should have later if we support multiple ones? Should it
restore from the most recent? The oldest? The snapshot service handles
this by exposing the snapshots as instances that the caller can
reference when asking to restore.
Yep, understood. I think my biggest problem with the SnapshotService is
that I have a hard time thinking about snapshots that don't include a
disk component - even more so in the context of multiple snapshots.
This to me is the usefulness of SnapshotService. I can happily take
snapshots (either just disk or disk + memory) and then sometime later
select one to apply and end up with a functional system. With multiple,
memory-only snapshots I think the most recent is all that could be
safely applied.
I would expect this to be the desired and sane behavior if it was
all
contained in ComputerSystem, but I don't think it makes sense to
intermingle the behavior of the snapshot service in this case.
Agreed.
Perhaps it would have been better to support this by doing a save on
RSC(suspend) and a restore on RSC(enabled, from suspend) in the first
place, but we figured that the snapshot service would be more useful in
the long run.
From a client's perspective I just think it is cumbersome to use the
SnapShotService to implement the notion of suspend. IMO, either the
providers should support suspend or not. Currently they don't (as
indicated in capabilities) but after invoking CreateSnapshot the vm is
in suspended state - so they kind of do. Folks here writing client code
are a little confused by this :-).
If we specify in the capabilities object that we don't support
the
transition from suspended to enabled, then we're not really breaking the
spec here, right?
Correct. And it seems the Virtual System Profile allows for states to
occur even if the client cannot explicitly move the vm to that state.
From note on page 23:
NOTE State transitions may be observed even if client state
management as described
in section 7.6 is not supported. For example, a state transition
might be initiated by means
inherent to the virtualization platform, or it might be triggered
during activation of the
virtualization platform itself.
So I think it is safe to say that from client's perspective the
providers don't support the suspended state. That said, they can
achieve the same effect by means of {Create,Apply}Snapshot with the
vendor defined values.
Thanks,
Jim