[libvirt] [RFC]: Snapshot API v3
Matthias Bolte
matthias.bolte at googlemail.com
Wed Mar 31 00:29:18 UTC 2010
2010/3/31 Chris Lalancette <clalance at redhat.com>:
> On 03/30/2010 04:40 PM, Jiri Denemark wrote:
>> Hi.
>>
>> ...
>>> /* NOTE: struct _virDomainSnapshot is a private structure, ala
>>> * struct _virDomain.
>>> */
>>> typedef struct _virDomainSnapshot virDomainSnapshot;
>>>
>>> /* Take a snapshot of the current VM state. Throws an error if
>>> * the VM is not currently running */
>>> virDomainSnapshotPtr virDomainSnapshotCreateXML(virDomainPtr domain,
>>> const char *xmlDesc,
>>> unsigned int flags);
>>
>> This is probably a leftover from previous versions, but... why do we restrict
>> this API only for running VMs?
>
> Oops, yeah, you are right, I just forgot to change the comment. It now says:
>
> /* Take a snapshot of the current VM state. */
>
>>
>> ...
>>> /* Delete a snapshot - with no flags, the snapshot is not used anymore,
>>> * but also not removed. With a MERGE flag, it merges the snapshot into
>>> * the parent snapshot (or the base image, if there is no parent snapshot).
>>> * Note that if other snapshots would be discarded because of this
>>> * MERGE action, this operation will fail. If that is really what is intended,
>>> * use MERGE_FORCE.
>>> *
>>> * With a DISCARD flag, it deletes the snapshot. Note that if children snapshots
>>> * would be discarded because of this delete action, this operation will
>>> * fail. If this is really what is intended, use DISCARD_FORCE.
>>> *
>>> * MERGE, MERGE_FORCE, DISCARD, and DISCARD_FORCE are mutually-exclusive.
>>> *
>>> * Note that this operation can happen when the domain is running or shut
>>> * down, though this is hypervisor specific */
>>> typedef enum {
>>> VIR_DOMAIN_SNAPSHOT_DELETE_MERGE,
>>> VIR_DOMAIN_SNAPSHOT_DELETE_MERGE_FORCE,
>>> VIR_DOMAIN_SNAPSHOT_DELETE_DISCARD,
>>> VIR_DOMAIN_SNAPSHOT_DELETE_DISCARD_FORCE,
>>> } virDomainSnapshotDelete;
>>
>> Merging a snapshot into its parent is probably not the best semantics for
>> MERGE flag as hypervisors differ in the way merging is implemented. As you
>
> Yeah, you are right, we can't just declare this. It's also an open question
> to me what qemu does about merging (though bugs with loadvm/delvm are preventing
> me from testing this at the moment).
And as described in my other response ESX does merge-into-children
too, but I didn't realize this until now. I just used the wrong words
to describe it at first.
So, after I thought about this in detail, I'd like to ask: Is there
something like a merge-into-parent semantic at all?
>> also mention below, VirtualBox merges into all children instead of a parent.
>> We should allow for both cases. However it influences several things. Firstly,
>> it makes MERGE_FORCE unnecessary for child merging, which is not a big deal as
>> it can just be treated in the same way as MERGE. Secondly, it makes a huge
>> difference when deleting a snapshot with no child. In one case it results in
>> changes being merged and in other case it results changes begin dropped.
>>
>> One option is to refine the semantics to something like:
>>
>> - MERGE: merge changes into other snapshot(s) and fail if it would require any
>> snapshot to be discarded (even the one which was supposed to be merged)
>> - MERGE_FORCE: really merge even discarding other snapshots but fail if the
>> snapshot itself would actually be discarded
>> - DISCARD: discard the snapshot and fail if other snapshots would be discarded
>> - DISCARD_FORCE: discard, no matter what
>
> The problem with declaring these semantics is that they are somewhat confusing, so
> application developers will probably get them wrong. On the other hand it does
> allow us to declare a semantic that all 3 hypervisors probably can support,
> unlike the options below.
>
>>
>> Another option would be to introduce several different APIs for merging into
>> children, merging into parent, and discarding. That would allow drivers to
>> implement only supported methods. Even all of them for a very flexible
>> hypervisor.
>
> The problem with this one is that it will be difficult for application writers
> to write a single application that handles all of the hypervisors. Imagine trying
> to write a GUI around this, and you'll see what I mean. If we were to add 3 new
> API's like this, we would also probably want to add some data to the capabilities
> XML for the particular hypervisors so you could grey out specific options in a GUI.
>
> On the other hand, it does solve the problem with merging parents vs. children, and
> also diffuses Paolo's concern about the "SnapshotDelete" API sometimes deleting data
> and sometimes modifying the base image.
Again, I think there is nothing like "merging parents vs. children".
The only possibility is merging into children. Or am I totally
confused now?
>>
>> And the third option I see would be distinguishing merge direction using new
>> flags.
>
> This one is like the second option, in that you don't know which particular
> directions a particular hypervisor supports. You'd still need to add
> capabilities XML for each hypervisor.
>
> I have to say that after thinking about these 3 options, I like the first
> option the best. While it's slightly confusing, it is a good semantic. I'll
> update the documentation for this.
>
>>
>> Personally, I like the second option best as it provides the easiest way for
>> application to detect unsupported behavior.
>>
>> ...
>>> Possible issues:
>>> 1) I don't see a way to support "managed" save/restore and snapshotting with
>>> this API. I think we'll have to have a separate API for managed save/restore.
>>> 2) What is the semantic for deleting snapshots from a running domain?
>>> Virtualbox seems to not allow you to manipulate snapshots while the domain is
>>> running. Qemu does allow this, but it's currently unclear what the exact
>>> semantics are. VMware seems to allow manipulation of snapshots while the
>>> domain is running.
>>> 3) Do we need a snapshot UUID? Virtualbox allows you to have multiple snapshots
>>> with the same name, differentiated by UUID. Confusingly, they also have a
>>> "FindByName" method that returns the first depth-first search snapshot that matches
>>> a given name. For qemu, if you specify the same name twice it overwrites the previous
>>> one with the new one. I don't know what ESX does here.
>>
>> Libvirt uses/generates UUIDs for almost everything (networks, vms, ...) so it
>> might be more consistent to have UUID in snapshot as well.
>
> Yeah, that is true, which is why I'm waffling with it. In general it seems like superflous
> information, except in the one case of virtualbox duplicate names (ESX doesn't allow
> duplicate names, I don't think, and qemu blows away duplicates). My inclination is
> to declare the semantics of duplicate names to be undefined, since it doesn't seem
> to be a very useful feature.
>
As said in another response: ESX 4.0 allows duplicate names. It
distinguishes snapshots based on their ID. But this ID was added in
ESX 4.0. I think ESX 3.5 doesn't allow duplicate names.
With ESX 4.0 we could use the ID to derive a read-only UUID from it.
With ESX 3.5 we would need to abuse the name filed of a snapshot on
the ESX side to store a UUID per snapshot.
Matthias
More information about the libvir-list
mailing list