Re: [PATCH RFC 1/2] migration: abort when switchover limit exceeded

Tue, 25 Jun 2024 12:46:48 -0700 

On Fri, Jun 21, 2024 at 07:32:20AM -0700, Elena Ufimtseva wrote:
> Introduce capability switchover_abort and migration parameter switchover_limit
> to allow for live migration abort when the source downtime exceeded by
> switchover_limit.
> 
> Signed-off-by: Elena Ufimtseva <elena.ufimts...@oracle.com>
> ---
>  hw/core/machine.c                  |  1 +
>  include/migration/client-options.h |  1 +
>  migration/migration-hmp-cmds.c     | 10 ++++++
>  migration/migration.c              | 39 +++++++++++++++++++++
>  migration/migration.h              |  5 +++
>  migration/options.c                | 56 ++++++++++++++++++++++++++++++
>  migration/options.h                |  1 +
>  migration/savevm.c                 | 13 +++++++
>  qapi/migration.json                | 27 +++++++++++---
>  9 files changed, 149 insertions(+), 4 deletions(-)

> diff --git a/qapi/migration.json b/qapi/migration.json
> index 470f746cc5..069a44f207 100644
> --- a/qapi/migration.json
> +++ b/qapi/migration.json
> @@ -469,6 +469,10 @@
>  #     each RAM page.  Requires a migration URI that supports seeking,
>  #     such as a file.  (since 9.0)
>  #
> +# @switchover-abort: abort migration if downtime exceeds the downtime
> +#     limit configured by the specified value by switchover-limit
> +#     migration parameter.
> +#
>  # Features:
>  #
>  # @unstable: Members @x-colo and @x-ignore-shared are experimental.
> @@ -485,7 +489,7 @@
>             { 'name': 'x-ignore-shared', 'features': [ 'unstable' ] },
>             'validate-uuid', 'background-snapshot',
>             'zero-copy-send', 'postcopy-preempt', 'switchover-ack',
> -           'dirty-limit', 'mapped-ram'] }
> +           'dirty-limit', 'mapped-ram', 'switchover-abort'] }
>  
>  ##
>  # @MigrationCapabilityStatus:
> @@ -821,6 +825,10 @@
>  #     See description in @ZeroPageDetection.  Default is 'multifd'.
>  #     (since 9.0)
>  #
> +# @switchover-limit: Switchover limit (ms) that would be used to
> +#     intiate abort of live migration if the total switchover time
> +#     exceeded downtime_limit + switchover_limit (Since 9.1)

IMHO switchover_limit should not exist.

When 'switchover-abort' is enabled, then the existing downtime_limit
semantics should just be defined to also include the switchover
time.  The admin (on behalf of the guest owner) only cares about
the overall downtime experianced by the VM, not the individual
phases of the switch process.


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Reply via email to