On 08/22/2013 01:41 PM, Laszlo Ersek wrote:
> On 08/22/13 21:19, Paolo Bonzini wrote:
>> On 22/08/2013 19:15, Laszlo Ersek wrote:
>>>> 2) On all versions, <on_crash> will only work if the element is there.
>>>
>>> I like this, because, if on_crash doesn't work without panic_notifier
>>> *at all*, then we can just drop panic_notifier, and make on_crash mean
>>> (on_crash && panic_notifier) in the original sense.
>>>
>>> IOW, drop "panic_notifier", and make "on_crash" work *always*.
>>
>> No, we cannot because of backwards compatibility. VMs could have no
>> on_crash element (which means <on_crash>destroy</on_crash>) and yet the
>> guest admin could expect them to reboot on panic.
>
> Ah. I thought "no on_crash" meant <on_crash>ignore</on_crash>, or
> something like that -- if on_crash was absent, the guest wouldn't see a
> working pvpanic device in ACPI, and wouldn't trigger the event in qemu.

Unfortunately, <on_crash>ignore</on_crash> does not exist in the current
libvirt codebase, and <on_crash> is always present on output (if omitted
on input, it is present as <on_crash>destroy</on_crash> on output; but
MOST VMs have it as <on_crash>restart</on_crash> thanks to
virt-install's defaults).

In short, libvirt's problem is that older libvirt basically ignored the
setting (whether default of destroy or set by virt-manager to restart);
BOTH of those common options are most sensibly implemented by having a
panic device, but adding a panic device is guest visible, and therefore
must be controlled by some NEW piece of XML. If we add
<on_crash>ignore</on_crash>, and teach virt-install to start using it,
that will help new guests, but won't change the problem for existing guests.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org