On Wed, Mar 08, 2017 at 07:26:08PM +0100, Philipp Hahn wrote:
Hello,
On 08.03.2017 at 17:28, Martin Kletzander wrote:
> On Wed, Mar 01, 2017 at 08:44:54PM +0100, Philipp Hahn wrote:
>> The documentation is plain wrong about the default write_error policy,
>> as it's only implemented by QEMU (src/vz/vz_utils.c is the only other
>> case, which simply explodes if anything other than
>> VIR_DOMAIN_DISK_ERROR_POLICY_DEFAULT is used).
>>
>
> Sounds like bashing about some problem. Is there any bug somewhere? It
> does not add any useful information to the commit message, so I'll strip
> it off before pushing.
My problem is that the documentation does not match the implementation
and from reading that documentation you get a wrong impression:
The documentation claims that the default is "report", while the QEMU
internal default is "ENOSPC".

This has a severe difference, namely that your VM gets suspended when
your host system's file systems get full. This is a good default, as you
don't lose any data, but on the other hand your VM disappears from the
network until you free some space and resume the VM.

I have seen this happen multiple times and I know the behaviour by now,
but others have reported this "strange" behaviour to me several times:
they keep wondering why their VM suddenly gets paused, while the libvirt
documentation tells them that the VM would see all errors (report).

So let's please tell those people to look at the QEMU code and not the
libvirt code.

That's why we are trying not to promise any hypervisor defaults in the
docs (my review for v2). Mostly because the hypervisor default might
change. Every time you need something specific you need to specify it
in the XML. I'm sorry that disappointed you.
> So my question is; is there anything in that driver that needs fixing
> WRT this patch?
The default is okay and the most safe regarding data loss, but might not
be okay if service availability is more important to you.
We can even apply the following change on top, as QEMU is the only
driver implementing a configurable error policy:
> diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
> index dc44a55..025007f 100644
> --- a/docs/formatdomain.html.in
> +++ b/docs/formatdomain.html.in
> @@ -2744,13 +2744,14 @@
> The optional <code>error_policy</code> attribute controls
> how the hypervisor will behave on a disk read or write
> error, possible values are "stop", "report",
"ignore", and
> - "enospace".<span class="since">Since 0.8.0,
"report" since
> + "enospace".<span class="since">Since 0.8.0
(QEMU and KVM only), "report" since
> 0.9.7</span> The default is left to the discretion of the
> hypervisor.<br/>
> There is also an
> optional <code>rerror_policy</code> that controls behavior
> for read errors only. <span class="since">Since
> - 0.9.7</span>. If no rerror_policy is given, error_policy
> + 0.9.7 (QEMU and KVM only)</span>.
> + If no rerror_policy is given, error_policy
> is used for both read and write errors. If rerror_policy
> is given, it overrides the <code>error_policy</code> for
> read errors. Also note that "enospace" is not a valid
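Review bot: the "(QEMU and KVM only)" qualifier is placed inside the version spans, so in the first one it reads as applying to "Since 0.8.0" but not to '"report" since 0.9.7', and a reader cannot tell whether the restriction covers the attribute as a whole or only that version. Consider moving the driver restriction out of the <span class="since"> elements into its own sentence right after the list of possible values, so it covers both error_policy and rerror_policy once. The unchanged context line "The default is left to the discretion of the hypervisor" could also point out that the behaviour has to be set explicitly in the XML when a specific policy is required, which is the confusion this thread started from.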
Yeah, unfortunately this is something we should handle more efficiently.
There's a lot of XML and documentation that's only QEMU-related.
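
An added example, not part of the thread or of libvirt: since the advice above is to state the policy in the XML rather than rely on a hypervisor default, this sketch lists the effective write and read error policy per disk and flags disks that leave it unset. It assumes the attributes sit on each disk's `<driver>` element; the sample XML is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed domain XML (sample, not from the thread): three disks with
# different combinations of the two attributes discussed above.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>demo</name>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw' error_policy='report'/>
      <target dev='vdb' bus='virtio'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw' error_policy='stop' rerror_policy='ignore'/>
      <target dev='vdc' bus='virtio'/>
    </disk>
  </devices>
</domain>
"""

UNSET = "hypervisor default"  # label used here when the XML says nothing


def effective_policies(domain_xml):
    """Return {target_dev: (write_policy, read_policy)} for every disk."""
    result = {}
    for disk in ET.fromstring(domain_xml).iter("disk"):
        driver = disk.find("driver")
        attrs = driver.attrib if driver is not None else {}
        target = disk.find("target")
        dev = target.get("dev") if target is not None else "?"
        write = attrs.get("error_policy", UNSET)
        # rerror_policy, when given, overrides error_policy for read errors
        read = attrs.get("rerror_policy", write)
        result[dev] = (write, read)
    return result


def disks_relying_on_default(domain_xml):
    """Disks whose write-error behaviour is not pinned in the XML."""
    policies = effective_policies(domain_xml)
    return sorted(d for d, (w, _) in policies.items() if w == UNSET)


if __name__ == "__main__":
    for dev, (w, r) in effective_policies(SAMPLE_DOMAIN_XML).items():
        print(f"{dev}: write={w} read={r}")
```
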