From mboxrd@z Thu Jan 1 00:00:00 1970 From: Avi Kivity Subject: Re: Question: data consistency on fail-over using shared disk Date: Wed, 21 Jul 2010 10:27:53 +0300 Message-ID: <4C46A179.4070400@redhat.com> References: <4C469350.3080008@oss.ntt.co.jp> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-2022-JP Content-Transfer-Encoding: 7bit Cc: KVM list To: Takuya Yoshikawa Return-path: Received: from mx1.redhat.com ([209.132.183.28]:13468 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1762749Ab0GUH17 (ORCPT ); Wed, 21 Jul 2010 03:27:59 -0400 In-Reply-To: <4C469350.3080008@oss.ntt.co.jp> Sender: kvm-owner@vger.kernel.org List-ID: On 07/21/2010 09:27 AM, Takuya Yoshikawa wrote: > Hi, > > > We are now checking about what we should do on vm fail-over. > > Concerning this, does anybody know about any danger about data > consistency when we are using shared disk? > > > What I'm concerning is if crashed VM-side host is still holding > buffered data, starting a new VM instance on another node may > result in file system corruption. > > This problem may similar to live-migration but little bit different > in the sense that VM is crashed -> cannot do anything from that point. > If the VM can't do anything, you're safe. Of course a crash doesn't mean a VM can't do anything, you typically need to isolate it by resetting the host or having a switch disconnect its storage and network. > > How about the combination of old or new guest OS and the following > settings? > > - writethrough > - writeback > - none > > If needed, we'll do sync by HA-side scripts before starting a new VM > instance. > I believe nothing special is needed, as long as a crash means both the qemu and host kernel crashed. If only qemu crashed, then the writeback case needs buffers flushed. -- I have a truly marvellous patch that fixes the bug which this signature is too narrow to contain.