[libvirt-users] how "safe" is blockcommit ?
Lentes, Bernd
bernd.lentes at helmholtz-muenchen.de
Mon Sep 10 11:51:23 UTC 2018
----- On Sep 7, 2018, at 9:26 PM, Eric Blake eblake at redhat.com wrote:
> On 09/07/2018 12:06 PM, Lentes, Bernd wrote:
>> Hi,
>>
>> currently i'm following
>> https://wiki.libvirt.org/page/Live-disk-backup-with-active-blockcommit. I 'm
>> playing around with it and it seems to be quite nice.
>> What i want is a daily consistent backup of my image file of the guest.
>> I have the idea of the following procedure:
>>
>> - Shutdown the guest (i can live with a downtime of a few minutes, it will
>> happen in the night).
>> And i think it's the only way to have a real clean snapshot
>
> Not the only way - you can also use qemu-guest-agent with a trusted
> guest to quiesce all filesystem I/O after freezing database operations
> at a consistent point, for a clean snapshot of a live guest. But
> shutting down is indeed safe, and easier to reason about than worrying
> whether your qga interaction is properly hooked into all necessary
> places for a live quiesce.
>
>> - create a snapshot with snapshot-create-as: snapshot-create-as guest testsn
>> --disk-only
>> - start the guest again. Changes will now go into the overlay, as e.g. inserts
>> in a database
>> - rsync the base file to a cifs server. With rsync not the complete, likely big
>> file is transferred but just the delta
>
> We're also trying to add support for incremental backups into a future
> version of libvirt on top of the qemu 3.0 feature of persistent bitmaps
> in qcow2 images, which could indeed guarantee that you transfer only the
> portions of the guest disk that were touched since the last backup. But
> as that's still something I'm trying to code up, your solution of using
> rsync to pick out the deltas is as good as anything you can get right now.
>
>> - blockcommit the overlay: blockcommit guest /path/to/testsn --active --wait
>> --verbose --pivot
>> - delete the snapshot: snapshot-delete guest --snapshotname testsn --metadata
>> - remove the overlay
>>
>> Is that ok ? How "safe" is blockcommit on a running guest ?
>
> Yep, that's the right way to do it! It's perfectly safe - the guest
> doesn't care whether it is reading/writing from the backing file or the
> overlay, and even if the blockcommit action is aborted, you can restart
> it for the same effects.
>
> (Okay, if you want to get technical, you need to know that committing
> from 'Base <- mid <- top' down to 'Base' leaves 'mid' in an inconsistent
> state - but that's not something the guest can see through 'top'; and
> your specific case is just committing to the immediate backing layer
> rather than skipping layers like that).
>
>> It's possible that during the rsync, when the guest is running, some inserts are
>> done in a database.
>
> As long as the backing file is read-only during the rsync (which it is,
> since all your guest writes are going to the overlay), then nothing the
> guest can do will interfere with what rsync can see. Just be sure that
> you don't start the blockcommit until after rsync is done.
>
>> Is it safe to copy the new sectors (i assume that's what blockcommit does) under
>> a running database ?
>> Or is it only safe doing blockcommit on a stopped guest ?
>
> Live blockcommit is safe, and exists so you don't have to stop the guest.
>
> For a bit more insight into what is going on under the hood, the slides
> from my KVM Forum talk from a few years back may give some nice insights:
> http://events17.linuxfoundation.org/sites/events/files/slides/2015-qcow2-expanded.pdf
>
>>
>> Thanks for any answer.
>>
>> Bernd
>>
>> P.S. Is the same procedure possible when the guest disk(s) reside directly in a
>> plain logical volume, without a file system in-between ?
>
> Live blockcommit works onto any host storage protocol (whether
> filesystem, block device via LVM, or even remote access such as NBD or
> ceph). The key is that your overlay is a qcow2 file that is tracking
> the deltas during the time in which you are capturing your backup of the
> backing file, and then blockcommit safely writes those deltas back into
> the backing file prior to no longer needing the overlay.
>
> --
> Eric Blake, Principal Software Engineer
> Red Hat, Inc. +1-919-301-3266
> Virtualization: qemu.org | libvirt.org
Hi Eric,
a big thanks to this outstanding clear and thorough answer.
It's a pleasure to get such information from the developers themselves, and so quick !
Bernd
Helmholtz Zentrum Muenchen
Deutsches Forschungszentrum fuer Gesundheit und Umwelt (GmbH)
Ingolstaedter Landstr. 1
85764 Neuherberg
www.helmholtz-muenchen.de
Aufsichtsratsvorsitzende: MinDir'in Baerbel Brumme-Bothe
Geschaeftsfuehrer: Prof. Dr. med. Dr. h.c. Matthias H. Tschoep, Heinrich Bassler, Dr. rer. nat. Alfons Enhsen
Registergericht: Amtsgericht Muenchen HRB 6466
USt-IdNr: DE 129521671
More information about the libvirt-users
mailing list