[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 2/3] move vm stop/start to migrate_set_state
|
From: |
Jamie Lokier |
|
Subject: |
Re: [Qemu-devel] [PATCH 2/3] move vm stop/start to migrate_set_state |
|
Date: |
Sat, 11 Jul 2009 01:42:58 +0100 |
|
User-agent: |
Mutt/1.5.13 (2006-08-11) |
malc wrote:
> > What happens if the destination host sends "migration completed", and
> > then the connection drops before that message is delivered reliably to
> > the sending host?
> >
> > The destination host will run the VM,
> > and the sending host will restart and run the VM too.
> >
> > Two copies of the same VM running together doesn't sound healthy.
> >
> > This is a classic handshaking problem and I'm not aware of any perfect
> > solution, only ways to ensure eventual recovery, and temporary
> > uncertainty errs on the side of caution. In this case, caution would
> > be neither VM running but a notification to the system manager of this
> > rare condition, and the possibility to recover when the two hosts are
> > able to resume communication. I don't know how to do better than that.
>
> Sounds like http://en.wikipedia.org/wiki/Two_Generals%27_Problem
It's not the same. Unlike the Two Generals, the handshake has
outcomes which allow progress with guaranteed safety. Two outcomes
result in one or other machine running, and a third outcome is both
machines being stopped, and repeatedly attempting to communicate for
recovery. Both machines stopped is undesirable (and may be a
catastrophe for some applications), but it is safe in some useful
sense - it's not a disastrous failure compared with both running.
Two Generals, on the other hand, doesn't have any safe solutions,
except for no progress at all. There is no way for either General to
proceed without some risk of failure, so the only strategy is to
minimise that probability.
-- Jamie
there is uncertainty
1. A sends "migration complete, you start running" to B, and A stops.
2. B sends "migration complete accepted" to A, and starts running.
If message 2 is lost, B will be running, A will be stopped, though A
is uncertain. A defers to the system operator, or keeps trying to
communicate with B.
If message 1 is lost, A
-
>
> --
> mailto:address@hidden
- [Qemu-devel] [PATCH 0/3] add "core dump"-like capability, Paolo Bonzini, 2009/07/09
- [Qemu-devel] [PATCH 1/3] move state and mon_resume to struct MigrationState, Paolo Bonzini, 2009/07/09
- [Qemu-devel] [PATCH 2/3] move vm stop/start to migrate_set_state, Paolo Bonzini, 2009/07/09
- Re: [Qemu-devel] [PATCH 2/3] move vm stop/start to migrate_set_state, Anthony Liguori, 2009/07/10
- Re: [Qemu-devel] [PATCH 2/3] move vm stop/start to migrate_set_state, Jamie Lokier, 2009/07/10
- Re: [Qemu-devel] [PATCH 2/3] move vm stop/start to migrate_set_state, Anthony Liguori, 2009/07/11
- Re: [Qemu-devel] [PATCH 2/3] move vm stop/start to migrate_set_state, Avi Kivity, 2009/07/12
- Re: [Qemu-devel] [PATCH 2/3] move vm stop/start to migrate_set_state, Anthony Liguori, 2009/07/12
- Re: [Qemu-devel] [PATCH 2/3] move vm stop/start to migrate_set_state, Avi Kivity, 2009/07/12
- Re: [Qemu-devel] [PATCH 2/3] move vm stop/start to migrate_set_state, Gleb Natapov, 2009/07/13
- Re: [Qemu-devel] [PATCH 2/3] move vm stop/start to migrate_set_state, Gleb Natapov, 2009/07/13
- Re: [Qemu-devel] [PATCH 2/3] move vm stop/start to migrate_set_state, Anthony Liguori, 2009/07/13