From: Wen Congyang <wency@cn.fujitsu.com>
To: Ian Campbell <ian.campbell@citrix.com>,
xen devel <xen-devel@lists.xen.org>,
Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Shriram Rajagopalan <rshriram@cs.ubc.ca>,
Wei Liu <wei.liu2@citrix.com>,
Changlong Xie <xiecl.fnst@cn.fujitsu.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
Yang Hongyang <hongyang.yang@easystack.cn>
Subject: Re: [PATCH v4 2/5] remus: resume immediately if libxl__xc_domain_save_done() completes
Date: Tue, 19 Jan 2016 09:01:03 +0800 [thread overview]
Message-ID: <569D8ACF.30508@cn.fujitsu.com> (raw)
In-Reply-To: <1453135918.6020.193.camel@citrix.com>
On 01/19/2016 12:51 AM, Ian Campbell wrote:
> On Mon, 2016-01-18 at 13:40 +0800, Wen Congyang wrote:
>> For example: if the secondary host is down, and we fail to send the data to
>> the secondary host. xc_domain_save() returns 0. So in the function
>> libxl__xc_domain_save_done(), rc is 0(the helper program exits normally),
>> and retval is 0(it is xc_domain_save()'s return value). In such case, we
>> just need to complete the stream.
>
> What if the secondary host isn't actually down but just communication has
> failed for some reason? Won't both primary and secondary start their
> respective versions of the domain? What are the consequences of that?
> (Corruption?)
>
> I suppose this is a consequence of the lack of STONITH or splitbrain
> handling within Remus. Are there any plans to address this?
IIRC, Shriram Rajagopalan has some ideas about it(check the external heartbeat?).
There is no way to avoid splitbrain unless we have more than two hosts(at least
three hosts). If we want to avoid splitbrain, we may need to destroy both primary
and secondary guests.
An example:
judge host
/ \
1 2
/ \
primary host <-3-> secondary host
If connection 3 has problem:
case A: connection 1 and 2 is OK, we can select one to run, and another one will
be destroyed (we have a judge host)
case B: one of connection 1 and is OK, the another connection has problem. The
guest on the host that can connects to judge host will continue to run.
The another guest will be destroyed.
case C: both connection 1 and 2 have problem. The two guest will be destroyed.
>
>> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
>> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
>> ---
>> tools/libxl/libxl.c | 5 ++++-
>> tools/libxl/libxl_stream_write.c | 14 ++++++++++++--
>> 2 files changed, 16 insertions(+), 3 deletions(-)
>>
>> diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
>> index abb2845..d50c3fb 100644
>> --- a/tools/libxl/libxl.c
>> +++ b/tools/libxl/libxl.c
>> @@ -884,7 +884,10 @@ int libxl_domain_remus_start(libxl_ctx *ctx,
>> libxl_domain_remus_info *info,
>>
>> assert(info);
>>
>> - /* Point of no return */
>> + /*
>> + * This function doesn't return until something is wrong, and
>> + * we need to do failover from secondary.
>
> I was actually hoping for user/API documentation (i.e. in a public header)
> rather than a code comment, I suppose this will do though.
OK, I will fix it.
>
>
>> + if (dss->remus)
>> + /*
>> + * For remus, if libxl__xc_domain_save_done() completes,
>> + * there was an error sending data to the secondary.
>> + * Resume the primary ASAP. The caller doesn't care of the
>> + * return value(Please refer to libxl__remus_teardown())
>
> There should usually be a space before a ( in text/prose (also in the
> changelog).
OK, I will fix it.
>
>> + */
>> + stream_complete(egc, stream, 0);
>> + else
>> + write_emulator_xenstore_record(egc, stream);
>> + }
>> }
>>
>> static void write_emulator_xenstore_record(libxl__egc *egc,
>
>
> .
>
next prev parent reply other threads:[~2016-01-19 1:01 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-18 5:40 [PATCH v4 0/5] migration/remus: bug fix and cleanup Wen Congyang
2016-01-18 5:40 ` [PATCH v4 1/5] remus: don't call stream_continue() when doing failover Wen Congyang
2016-01-18 16:45 ` Ian Campbell
2016-01-19 1:05 ` Wen Congyang
2016-01-18 5:40 ` [PATCH v4 2/5] remus: resume immediately if libxl__xc_domain_save_done() completes Wen Congyang
2016-01-18 16:51 ` Ian Campbell
2016-01-19 1:01 ` Wen Congyang [this message]
2016-01-19 11:01 ` Ian Campbell
2016-01-18 5:40 ` [PATCH v4 3/5] tools/libxc: don't send end record if remus fails Wen Congyang
2016-01-18 16:53 ` Ian Campbell
2016-01-18 16:53 ` Ian Campbell
2016-01-18 5:40 ` [PATCH v4 4/5] tools/libxc: error handling for the postcopy() callback Wen Congyang
2016-01-18 16:53 ` Ian Campbell
2016-01-18 5:40 ` [PATCH v4 5/5] tools/libxl: remove unused function libxl__domain_save_device_model() Wen Congyang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=569D8ACF.30508@cn.fujitsu.com \
--to=wency@cn.fujitsu.com \
--cc=andrew.cooper3@citrix.com \
--cc=hongyang.yang@easystack.cn \
--cc=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=rshriram@cs.ubc.ca \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
--cc=xiecl.fnst@cn.fujitsu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.