stepping-stone / vm-manager

The stoney cloud web interface.
http://www.stoney-cloud.org/
Other
0 stars 0 forks source link

Set libvirt's error_policy to "stop" by default #77

Open paraenggu opened 7 years ago

paraenggu commented 7 years ago

To minimize guest file system crashes, set libvirt's disk driver error_policy to stop (which in turn controls QEMU's werror and rerror settings). This will pause a guest on I/O problems, such as a GlusterFS backend going down, without crashing the file system or I/O stack. One can then investigate and (hopefully) fix the problem and resume the guests afterwards.

Quoting the QEMU manual:

werror=action,rerror=action

Specify which action to take on write and read errors. Valid actions are: "ignore" (ignore the error and try to continue), "stop" (pause QEMU), "report" (report the error to the guest), "enospc" (pause QEMU only if the host disk is full; report the error to the guest otherwise). The default setting is werror=enospc and rerror=report.

Currently, VM manager doesn't set the error_policy at all, thus libvirt sets the value to the default of report (report I/O errors up to the guest), according to the libvirt driver documentation:

The optional error_policy attribute controls how the hypervisor will behave on a disk read or write error, possible values are "stop", "report", "ignore", and "enospace".Since 0.8.0, "report" since 0.9.7 The default setting of error_policy is "report".

Red Hat's oVirt does the same (at least on oVirt 3.6): qemu process [...],cache=none,werror=stop,rerror=stop,aio=threads,[...]

The mentioned I/O error policy needs to be addressed within CPhpLibvirt.php

NiklausHofer commented 7 years ago

We performed a test with the patched version on our test cloud. The parameter gets set correctly on the creation of a new VM.