When libvirt components get updated on a hypervisor, VMs continue running with obsolete files. Programs like "needrestart" alert one to this condition with messages like:
VM guests are running outdated hypervisor (qemu) binaries on this host: 'bazquux' with pid 1234 Normal restarting of a VM (from within or with `virsh reboot ...`) does not resolve it because it's 'warm'; VMs must be completely shut down then started again to utilise the updates. Afaik, to do so reliably, in a way that minimises downtime, requires scripts like this: (d=bazquux; virsh shutdown --domain "$d" && until LC_ALL=C LANG=C virsh domstate --domain "$d" | grep -Fi 'shut off' &> /dev/null; do echo ...; sleep 1; done && virsh start --domain "$d") Adding a timeout complicates that further. Options for this logic to be performed by virsh would be beneficial, as a single operation: virsh reboot --domain bazquux --cold And by allowing poweroff to wait: (d=bazquux; virsh shutdown --domain "$d" --synchronous && virsh start --domain "$d") The latter would also assist with scripting changes to a VM that can only be performed whilst it is not running (shutdown -> alter -> start). Ideally, these would accept `--timeout n` so that if the shutdown portion was not completed quickly enough, they would fail and exit with a non-zero status, and the former would not start the VM again. I'm not sure of a good way to handle this where `on_poweroff` is set to something that doesn't result in the machine being shut off.
