On 04/28/11 16:46, Anthony Liguori wrote:
> On 04/28/2011 09:38 AM, Jes Sorensen wrote:
>> Sorry but this is utterly bogus.
>>
>> The snapshot support as is works fine, and the command is in the
>> monitor. We should expose it in QMP as well.
>
> It went in for the monitor because it was considered an imperfect
> command so we held up the QMP side because we wanted a better interface.

I am not sure who is included in the 'we' here.....

> The current command does:
>
> 1) Create new image backing to current image
> 2) Flush outstanding I/O to old image
> 3) Close current image
> 4) Reopen newly created image
> 5) Go
>
> Operations (1) and (2) are very synchronous operations. (4) can be too.
> We really should have a bdrv_aio_snapshot() function that implements
> the logic for at least (2) in an asynchronous fashion.
>
> That sort of interface is going to affect how we expose things in QMP.
> As from a QMP perspective, we're going to do something like:
>
> a) start snapshot
> b) query snapshot progress
> c) receive notification of snapshot completion
> d) flip over image

Sorry this is inherently broken. The management tool should not be
keeping state in this process. I agree an async interface would be nice,
but the above process is plain wrong.

The async snapshot process needs to be doing the exact same as in the
current implementation, the main difference is that it would be running
asynchronously and that QMP would be able to query the state of it.

> And of course, this needs to be carefully thought through for race
> conditions. In the current command, what happens if you get a crash
> between (2) and (3)? There's no way for the management tools to know
> that we didn't finish flushing writes. How does the management tool
> know that (1) didn't fail midway through resulting in a corrupted image?

There is no issue here, you have the exact same problem if you get a
crash during d) in your example. It is the same with the existing
command, the crash is only an issue if it happens right in the middle of
the switchover. Until then, only the original image remains valid.