This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] xm shutdown timeout

To: Keir Fraser <keir@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] xm shutdown timeout
From: John Levon <levon@xxxxxxxxxxxxxxxxx>
Date: Wed, 23 May 2007 16:56:41 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 23 May 2007 08:49:53 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <C279B5D2.F607%keir@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <20070523025146.GA17438@xxxxxxxxxxxxxxxxxxxxxxx> <C279B5D2.F607%keir@xxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.9i
On Wed, May 23, 2007 at 09:11:46AM +0100, Keir Fraser wrote:

> > xend has a timeout such that if an 'xm shutdown' request does not result
> > in the domain shutting down within a certain time period, the domain is
> > violently destroyed.
> > 
> > This seems like a strange choice - if the domain isn't responding
> > properly to such requests, then it must be in a buggy state, and should
> > surely be preserved for administrator action (dumping core, destroying,
> > whatever).
> > 
> > Is there any other purpose to this timeout?
> Hmmm... Actually it may be that we unconditionally kill the domain if it
> ignores shutdown.

                    if timeout < 0:
                            "Domain shutdown timeout expired: name=%s id=%s",
                            self.info['name_label'], self.domid)

> If that is the case, we should instead force it into whatever the the
> target of the 'sm shutdown' command was, and then execute the action
> specified in the config file.

But this still isn't right. Normally I want the domain destroyed when I
do a shutdown (it is, after all, a shutdown). However, if the domain
/does not shutdown cleanly/, there are a number of things I might want:

- I might want a core dump, so I can log a bug
- I might want to keep the domain running so I can grab the console and
  poke around
- it might be some known bug or some strange configuration, and I want
  it destroyed

This is an abnormal situation and the default on_poweroff/on_reboot
settings can't cover it. I believe something along the lines of:


is exactly the correct thing to do.


Xen-devel mailing list