[libvirt] [PATCH 0/3 TCK] Some tests for snapshot management

Daniel P. Berrange berrange at redhat.com
Fri Aug 26 15:03:30 UTC 2011 

On Fri, Aug 26, 2011 at 08:57:54AM -0600, Eric Blake wrote:
> On 08/26/2011 08:16 AM, Daniel P. Berrange wrote:
> >All these tests fail with current GIT, but are intended to work
> >with Eric's snapshot series applied.
> >
> >The first test in this list, however, does not pass.
> >
> >Eric's current tree forbids calling 'Destroy' on a transient
> >guest which has snapshots present. IMHO this is wrong, because
> >the guest may itself exit at any time, which leaves us in the
> >same state as is 'Destroy' had been called wrt snapshots.
> 
> Hmm, interesting point.
> 
> With managed save, we don't have that problem - the only way to have
> a managed save image is with a persistent def, so we can safely
> forbid undefine of a domain with managed save state.
> 
> >
> >IMHO, we should be allowed to call 'virDomainDestroy' on a
> >transient guest with snapshots, and then later 'virDomainCreateXML'
> >to re-create the guest and still have access to the snapshots
> 
> But leaving the snapshot metadata files behind is problematic.  If
> you create a new domain with the same name but a different uuid,
> then those existing metadata files _will_ cause problems with the
> domain definition.

Surely this simply means that the snapshot metadata files shold
be recording the orignal domain UUID, so that we can safely
ignore/discard them if the guest is re-defined with the same
name but new uuid ?

> >In other words, just because a transient guest is not currently
> >present, does not mean we should forget about its snapshots as
> >a management app can re-create it again at any time.
> 
> How about this compromise?
> 
> I already documented in my RFC the desire to add a new flag,
> virDomainSnapshotCreateXML(, VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE),
> which will allow a management app to recreate a metadata file.  I
> haven't yet implemented it, but think that it will solve this
> problem, as follows:
> 
> Libvirt should not ever forbid destroy of a domain with snapshots.
> However, when a transient guest shuts down, then part of the cleanup
> that libvirt does for that guest is to remove all existing snapshot
> metadata (the snapshots themselves continue to exist, but the
> libvirt hierarchy of creation date, domain xml, and parent
> relationships is gone).
> 
> On destroy, either the domain is persistent (so the snapshots will
> still be useful from the inactive guest), or the domain is transient
> (so the management app has to be aware of the ramifications).  But
> the management app _already_ has to track domain xml independently
> if it plans on recreating a new transient guest from the same disk
> images, so it is not too much of a stretch to assume that the
> management app can also track snapshot xml.  At which point, if the
> management app wants to recreate a new transient app with the same
> snapshot metadata, then it simply calls virDomainSnapshotCreateXML(,
> VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE) for each saved snapshot that it
> wants to revive in libvirt's tracking.
> 
> Thus, snapshot metadata is never left behind to confuse the creation
> of a new guest (persistent domains fail to undefine until the
> snapshots are cleaned up, and transient domains are cleaned up
> automatically when the last reference to the domain disappears), but
> can easily be restored and thus tracked externally.
> 
> However, this means that your first test would need tweaking - the
> test itself would have to create the snapshot, capture the snapshots
> xml, destroy the domain, then create a new domain with the same name
> and uuid, restore the snapshot, then revert to the snapshot, all to
> prove that redefining a transient domain does not lose the actual
> snapshot data, just the metadata that tracked the snapshot.
>
> There's also some FIXMEs in libvirt about the notion of extracting
> the name of all internal snapshots directly from qcow2 files, and
> exposing those to the user with minimal information.  qcow2 lacks
> parent and domain xml information, so the regenerated snapshot xml
> would be weak and reverting to it would require the use of
> VIR_DOMAIN_SNAPSHOT_REVERT_FORCE; but making it easier to expose all
> known internal snapshot names, even when libvirt does not have the
> metadata behind the origin of those internal snapshots, might be
> useful via a new flag to virDomainSnapshotListNames.
> 
> >
> >Forbidding virDomainUndefine with snapshots is more reasonable,
> 
> Good, I'll keep it that way, since it is consistent with managed
> save images.
> 
> >but I think its still possible to argue that it should be allowed
> >and that a later virDomainDefine with the same name+uuid should
> >resurrect any previous snapshots.
> 
> If resurrecting previous snapshots is important, then it should be
> done with VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE.

This is all workable, but is it overkill compared to just validating
the original VM uuid against the new UUID when loading metdata ?


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

More information about the libvir-list mailing list