
On 08/22/2013 01:41 PM, Laszlo Ersek wrote:
On 08/22/13 21:19, Paolo Bonzini wrote:
On 22/08/2013 19:15, Laszlo Ersek wrote:
2) On all versions, <on_crash> will only work if the element is there.
I like this, because, if on_crash doesn't work without panic_notifier *at all*, then we can just drop panic_notifier, and make on_crash mean (on_crash && panic_notifier) in the original sense.
IOW, drop "panic_notifier", and make "on_crash" work *always*.
No, we cannot because of backwards compatibility. VMs could have no on_crash element (which means <on_crash>destroy</on_crash>) and yet the guest admin could expect them to reboot on panic.
Ah. I thought "no on_crash" meant <on_crash>ignore</on_crash>, or something like that -- if on_crash was absent, the guest wouldn't see a working pvpanic device in ACPI, and wouldn't trigger the event in qemu.
Unfortunately, <on_crash>ignore</on_crash> does not exist in the current libvirt codebase, and <on_crash> is always present on output (if omitted on input, it is present as <on_crash>destroy</on_crash> on output; but MOST VMs have it as <on_crash>restart</on_crash> thanks to virt-install's defaults).

In short, libvirt's problem is that older libvirt basically ignored the setting (whether default of destroy or set by virt-manager to restart); BOTH of those common options are most sensibly implemented by having a panic device, but adding a panic device is guest visible, and therefore must be controlled by some NEW piece of XML.

If we add <on_crash>ignore</on_crash>, and teach virt-install to start using it, that will help new guests, but won't change the problem for existing guests.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org