[Libvir] Adding support for daemon restarts with stateful drivers

Daniel P. Berrange berrange at redhat.com
Fri Mar 21 23:09:06 UTC 2008


On Fri, Mar 21, 2008 at 04:50:45PM -0400, Daniel Veillard wrote:
> On Fri, Mar 21, 2008 at 05:35:12PM +0000, Daniel P. Berrange wrote:
> > The libvirt daemon has the ability to reload itself by sending it SIGHUP. 
> > For the QEMU & network drivers this makes it reload the config files for
> > VMs and re-init the iptables rules. It would be desirable though to allow
> > the daemon to perform a full restart. Principally this is for RPM upgrades
> > where you want to ensure the daemon is running the new code.
> > 
> > The tricky thing is figuring out how to handle driver state. Looking at the
> > QEMU, network, storage and LXC drivers, there is not actually all that much
> > state to deal with. It basically comes down to:
> > 
> >  - PID of child processes (eg QEMU, dnsmasq, container)
> >  - FDs for STDIN/OUT/ERR of the child processes
> >  - A possible logfile FD
> >  - Flag to indicate whether some objects are active or not
> > 
> > That is more or less it. Anything else is kept in the config files and can
> > be reloaded at will.
> 
>   From a libvirt client connected to the driver POV we would still either
> see a disconnection or a potential loss of state depending how they are
> connected, right? If we are sure we can transparently restart, fine, but
> I'm not sure it's always the case for say an ssh connection without an agent.
> Still, being able to re-exec on the new code is important; I would still try to
> avoid it if we can detect the code itself didn't change (for example if the
> timestamp on /usr/sbin/libvirtd didn't change it's likely to be a simple
> reload -HUP command).

Yes, it is an open question whether it would be necessary to keep clients
open / functional. I'd probably argue that it should just kick off all
clients when re-exec()ing. Clients can trivially re-connect & the libvirt
API itself is stateless, so dropping & reconnecting is not a particularly
hard thing to deal with from that POV.

> > So I was thinking about whether we could provide a simple protocol to allow
> > each stateful driver to save its state into some location, the daemon could
> > just 'exec()' itself again, and upon startup the drivers reload their active
> > state. Since the daemon just exec()'s itself it would still own the child
> > processes & still have all the necessary FDs open.
> 
>  yes but how much state is kept in buffers and code of the protocols ?

The SSL / Kerberos protocols definitely have arbitrary internal state that
would be impossible to preserve. So if we tried this approach we'd have
to kill off active clients & let them reconnect.

Dan.
-- 
|: Red Hat, Engineering, Boston   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
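The save-state / exec() / reload scheme sketched in the thread above, as an added example that is not libvirt's code: a minimal "driver" records its child's PID, the child's stdout FD and an active flag, re-execs the running binary, and on the second pass reloads the record and checks the child is still its own. The state file path, the DRV_REEXEC environment marker and the pausing child standing in for QEMU are assumptions of this example; /proc/self/exe makes the self re-exec Linux-specific.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <signal.h>
#include <sys/wait.h>

/* State a stateful driver must carry across exec(): child PID, stdout FD, active flag. */
struct drv_state { pid_t pid; int outfd; int active; };

/* Save as one text line; an FD only survives exec() if it is not close-on-exec. */
int drv_save_state(const char *path, const struct drv_state *st)
{
    int fl = fcntl(st->outfd, F_GETFD);
    if (fl < 0 || fcntl(st->outfd, F_SETFD, fl & ~FD_CLOEXEC) < 0) return -1;
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    int ok = fprintf(f, "%d %d %d\n", (int)st->pid, st->outfd, st->active) > 0;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

/* Reload after exec(): we are still the parent, so waitpid() says alive (0) or gone. */
int drv_load_state(const char *path, struct drv_state *st)
{
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    int pid, n = fscanf(f, "%d %d %d", &pid, &st->outfd, &st->active);
    fclose(f);
    if (n != 3) return -1;
    st->pid = pid;
    if (st->active && waitpid(st->pid, NULL, WNOHANG) != 0) st->active = 0;
    return 0;
}

int main(int argc, char **argv)
{
    struct drv_state st; const char *path = "/tmp/drv-state.txt"; /* assumed */
    if (getenv("DRV_REEXEC")) {                /* second incarnation after exec */
        if (drv_load_state(path, &st) < 0 || !st.active) return 1;
        kill(st.pid, SIGTERM);                 /* still our child: we can reap it */
        return waitpid(st.pid, NULL, 0) == st.pid ? 0 : 1;
    }
    int p[2];
    if (pipe(p) < 0 || (st.pid = fork()) < 0) return 1;
    if (st.pid == 0) { dup2(p[1], 1); pause(); _exit(0); } /* stand-in for QEMU */
    close(p[1]); st.outfd = p[0]; st.active = 1;
    if (drv_save_state(path, &st) < 0 || setenv("DRV_REEXEC", "1", 1)) return 1;
    execv("/proc/self/exe", argv); return 1;   /* Linux: re-exec own binary */
}
```

The child outlives the exec() because the process itself never exits; only its code image is replaced, so PID ownership and the pipe FD are retained.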