9:21 a.m.
As I wrote here:
https://www.redhat.com/archives/libvir-list/2007-April/msg00114.html
remote access to qemu:/// URLs currently deadlocks. A bit of
explanation follows as to why this happens in the current architecture
of the remote patch.
If you apply the remote patch right now, you'll get a modified
libvirt_qemud server which can handle both qemu and remote requests over
the same socket. (Basically both qemu_internal.c and remote_internal.c
connect to the same Unix domain socket, then depending on the "program
number" encoded within the RPC messages, they get dispatched accordingly
inside libvirt_qemud). The server is written to handle multiple
connections at once using non-blocking poll[1], but once the server has
assembled a whole incoming message, it then blocks while dealing with
that message.
The problem occurs in the qemu case when the remote server issues a call
into qemu_internal (now linked into the server), and qemu_internal then
tries to connect out to the qemu daemon. Unfortunately the qemu daemon
/is/ the remote server, which is blocked handling the current call.
Thus it is unable to accept the new connection (from itself) and
completely deadlocks.
One solution suggested was to have qemu_internal recognise when it is
linked into the server and make local calls back to its counterpart in
the server. However I think this is pretty ugly and unnecessarily
complicates qemu_internal which shouldn't care how it is linked.
My thoughts on the long term solution
-------------------------------------
I'd really like to see the qemu case not require a daemon. At the
moment (AFAICS) the qemu daemon serves two purposes: (a) it keeps track
of the monitor file descriptors of the existing qemu processes, and (b)
it handles the networking stuff, basically starting and stopping
dnsmasq[2]. (a) is easily handled, I think, by having qemu processes
put their monitor sockets into a well-known directory. This has the
other advantage that qemu processes can survive and continue after qemu
programs restart. For the (b) case, I don't think networking which is a
general service should be mixed up with qemu code.
I think (although probably I've missed some things) that this means that
qemu_internal could be implemented entirely as a local service,
requiring no daemon. (In the case where qemu_internal needs to control
a root-owned system-wide set of qemu processes then we'd still have to
have a daemon, but it can be the remote daemon, same way that Xen will
work).
My suggestion for a short term solution
---------------------------------------
Since doing the above is way more than I'm going to do just to get
remote working, my suggestion is that we have two daemons running, qemud
and remote. Both would be built from the exact same codebase: the mode
would be selected by having a 'libvirtd --remote' flag on the command
line (or however, but the important thing is that they'd keep the same
codebase).
This immediately fixes the deadlock problem[3] because qemu_internal
linked to the server is now talking to a different daemon.
Rich.
[1] As an aside, I don't particularly like this architecture. Linus has
handed down to us an efficient operating system which is already capable
of multiplexing different clients using a marvellous system called
"multitasking". Hand-coding polling code inside a single process is
really only necessary in very limited circumstances, such as highly
tuned uniprocessor machines with enormous loads, and we are not likely
to get into such a situation with libvirtd. If we ever did we'd need to
benchmark a range of possible solutions. Processes on the other hand
have real advantages, such as security through isolation and controlled
sharing, and easy scalability onto SMP machines.
[2] Although I don't really understand the networking stuff too well, so
perhaps it does other things.
[3] Except in the "remote-on-remote" case, but we should disallow this
explicitly because it seems like it would be nothing but trouble.
--
Emerging Technologies, Red Hat http://et.redhat.com/~rjones/
64 Baker Street, London, W1U 7DF Mobile: +44 7866 314 421
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod
Street, Windsor, Berkshire, SL4 1TE, United Kingdom.
Registered in England and Wales under Company Registration No. 3798903
Directors: Michael Cunningham (USA), Charlie Peters (USA) and David
Owens (Ireland)
10:18 a.m.
On Wed, Apr 18, 2007 at 03:21:55PM +0100, Richard W.M. Jones wrote:
As I wrote here:
https://www.redhat.com/archives/libvir-list/2007-April/msg00114.html
remote access to qemu:/// URLs currently deadlocks. A bit of
explanation follows as to why this happens in the current architecture
of the remote patch.
If you apply the remote patch right now, you'll get a modified
libvirt_qemud server which can handle both qemu and remote requests over
the same socket. (Basically both qemu_internal.c and remote_internal.c
connect to the same Unix domain socket, then depending on the "program
number" encoded within the RPC messages, they get dispatched accordingly
inside libvirt_qemud). The server is written to handle multiple
connections at once using non-blocking poll[1], but once the server has
assembled a whole incoming message, it then blocks while dealing with
that message.
The problem occurs in the qemu case when the remote server issues a call
into qemu_internal (now linked into the server), and qemu_internal then
tries to connect out to the qemu daemon. Unfortunately the qemu daemon
/is/ the remote server, which is blocked handling the current call.
Thus it is unable to accept the new connection (from itself) and
completely deadlocks.
Can we recognize that the connection is on localhost and just serve
the request directly and synchronously instead ?
[...]
I'd really like to see the qemu case not require a daemon. At
the
Sure !
I still don't understand why we can't determine a call is local and
serve it directly, I must be blind ...
Daniel
--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard | virtualization library http://libvirt.org/
veillard(a)redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
10:33 a.m.
Daniel Veillard wrote:
Can we recognize that the connection is on localhost and just
serve
the request directly and synchronously instead ?
Yes you can. In real terms what this would mean is that all the
functions in qemu_internal.c are changed so that they become:
static int qemuDestroyDomain(virDomainPtr domain) {
qemud_packet_client req;
qemud_packet_server reply;
qemuPrivatePtr priv = (qemuPrivatePtr) domain->conn->privateData;
req.data.type = QEMUD_CLIENT_PKT_DOMAIN_DESTROY;
req.data.qemud_packet_client_data_u.domainDestroyRequest.id =
domain->id;
#if QEMU_INTERNAL_IS_REALLY_LINKED_TO_THE_SERVER
/* some code to get the fake server & client, and then: */
qemudDispatchDomainDestroy (server, client, req, rep);
/* followed by some code to decode the fake "reply packet" */
#else /* existing code: */
if (qemuProcessRequest(domain->conn, priv->qemud_fd, NULL, &req,
&reply) < 0) {
return -1;
}
return 0;
#endif
}
So it can be done but qemu_internal is sure going to look ugly afterwards.
Rich.
--
Emerging Technologies, Red Hat http://et.redhat.com/~rjones/
64 Baker Street, London, W1U 7DF Mobile: +44 7866 314 421
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod
Street, Windsor, Berkshire, SL4 1TE, United Kingdom.
Registered in England and Wales under Company Registration No. 3798903
Directors: Michael Cunningham (USA), Charlie Peters (USA) and David
Owens (Ireland)
11:57 a.m.
On Wed, Apr 18, 2007 at 04:33:58PM +0100, Richard W.M. Jones wrote:
Daniel Veillard wrote:
> Can we recognize that the connection is on localhost and just serve
>the request directly and synchronously instead ?
Yes you can. In real terms what this would mean is that all the
functions in qemu_internal.c are changed so that they become:
static int qemuDestroyDomain(virDomainPtr domain) {
qemud_packet_client req;
qemud_packet_server reply;
qemuPrivatePtr priv = (qemuPrivatePtr) domain->conn->privateData;
req.data.type = QEMUD_CLIENT_PKT_DOMAIN_DESTROY;
req.data.qemud_packet_client_data_u.domainDestroyRequest.id =
domain->id;
#if QEMU_INTERNAL_IS_REALLY_LINKED_TO_THE_SERVER
/* some code to get the fake server & client, and then: */
qemudDispatchDomainDestroy (server, client, req, rep);
/* followed by some code to decode the fake "reply packet" */
#else /* existing code: */
if (qemuProcessRequest(domain->conn, priv->qemud_fd, NULL, &req,
&reply) < 0) {
return -1;
}
return 0;
#endif
}
So it can be done but qemu_internal is sure going to look ugly afterwards.
Maybe you can centralize the dispatcher one level up and keep it like
a driver, this could avoid the issue, no ?
Daniel
--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard | virtualization library http://libvirt.org/
veillard(a)redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
5:49 a.m.
Daniel Veillard wrote:
On Wed, Apr 18, 2007 at 04:33:58PM +0100, Richard W.M. Jones wrote:
> Daniel Veillard wrote:
>> Can we recognize that the connection is on localhost and just serve
>> the request directly and synchronously instead ?
> Yes you can. In real terms what this would mean is that all the
> functions in qemu_internal.c are changed so that they become:
>
> static int qemuDestroyDomain(virDomainPtr domain) {
> qemud_packet_client req;
> qemud_packet_server reply;
> qemuPrivatePtr priv = (qemuPrivatePtr) domain->conn->privateData;
>
> req.data.type = QEMUD_CLIENT_PKT_DOMAIN_DESTROY;
> req.data.qemud_packet_client_data_u.domainDestroyRequest.id =
> domain->id;
>
> #if QEMU_INTERNAL_IS_REALLY_LINKED_TO_THE_SERVER
> /* some code to get the fake server & client, and then: */
> qemudDispatchDomainDestroy (server, client, req, rep);
> /* followed by some code to decode the fake "reply packet" */
> #else /* existing code: */
> if (qemuProcessRequest(domain->conn, priv->qemud_fd, NULL, &req,
> &reply) < 0) {
> return -1;
> }
>
> return 0;
> #endif
> }
>
> So it can be done but qemu_internal is sure going to look ugly afterwards.
Maybe you can centralize the dispatcher one level up and keep it like
a driver, this could avoid the issue, no ?
The individual driver calls (qemuDestroyDomain, etc.) are called from
the driver table, and since the qemud calls aren't compatible I can't
see how to do it except to special-case every call.
The real issue though is summarised in the attached diagram. I'm
proposing that we don't hack qemu_internal in the above way (top
diagram, dot-dash line) when in the long term that should all be going
away (bottom diagram). Note that this hack only affects
qemu-over-remote. Current usage of qemu continues same as before.
Rich.
--
Emerging Technologies, Red Hat http://et.redhat.com/~rjones/
64 Baker Street, London, W1U 7DF Mobile: +44 7866 314 421
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod
Street, Windsor, Berkshire, SL4 1TE, United Kingdom.
Registered in England and Wales under Company Registration No. 3798903
Directors: Michael Cunningham (USA), Charlie Peters (USA) and David
Owens (Ireland)
6427
days inactive
6428
days old
4 comments
2 participants
participants (2)
-
Daniel Veillard -
Richard W.M. Jones