Re: [libvirt] [PATCH 0/3] Forbid migration with cache != none
On Tue, Feb 21, 2012 at 05:17:20PM +0100, Jiri Denemark wrote:
Migrating qemu domains with disks using cache != none is unsafe
unless
the disk images are stored on coherent clustered filesystem. Thus we
forbid migrating such domains unless VIR_MIGRATE_UNSAFE flags is used.
This series uses similar aproach to forbidding unsafe PCI passthrough
or disk format probing when we forbade those by default with the
possibility to force them.
Domain configuration is only checked on source, which makes migrating
affected domains from an old libvirt to the new one possible. Migrating
back is impossible since destination libvirtd would complain about
unknown flag (the flag is not filtered so it gets to the destination
even though it's not really used there).
However, users of clustered filesystems now have to always pass the new
flag to be able to migrate because libvirtd would think they are doing
something unsafe. Perhaps we should provide a system wide (i.e.,
/etc/libvirt/qemu.conf) tunable which would disable cache mode checking
for all domains at once?
I think we should add a virStorageFileIsClusterFS(const char *path)
and whitelist the filesystem magic that we know is ok. I expect GFS,
GFS2, OCFS2 would be a good starting point. We already do this for
virStorageFileIsSharedFS() in migration, so this is no worse
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|