On 04/25/2018 04:46 AM, Peter Krempa wrote: > On Wed, Apr 25, 2018 at 09:39:49 +0100, Daniel Berrange wrote: >> On Wed, Apr 25, 2018 at 10:32:05AM +0200, Peter Krempa wrote: >>> >>> Well, that depends. I did not read the docs for this thoroughly enough. >>> If it is okay for us to generate a new GUID upon every boot of a VM then >>> this will be for a rather simple implementation, since we have a very >>> limited set of situations when we are starting a new qemu process which >>> should NOT change the GUID and we will change it in all other scenarios. >> >> AFAIK, we *must* change GUID on every cold boot > > Good, that makes things rather simple. > This one is not really 100% clear to me. The "spec" is like 6 pages - it's a pretty quick read... http://go.microsoft.com/fwlink/?LinkId=260709 The last 2 pages describe "when" the GUID should change and specifically calling out cold boot is not one of those. What leads me to believe otherwise is the two boot scenarios and the unspecified VM config changes have this "undertone" that using the same GUID for those scenarios is fine/expected. I really don't want to follow the ~20 attempts to get genid into QEMU - I'll give up way before then ;-)! >>> A second consideration then is whether to allow user-specified GUID at >>> all, but I guess mgmt applications may have a different idea when it's >>> necessary to change and thus it makes sense to allow that. For that >>> situation the provided GUID should be always honoured. >> >> The microsoft spec describes exactly why GUID must change, and mgmt >> applications must not deviate from those rules to make up their own. >> >> So the question is not whether the mgmt app has a different idea of >> when to change GUID. Rather, we should consider whether there is any >> situation in which it is impossible for libvirt todo the right thing >> according to the microsoft spec. >> >> If libvirt has enough knowledge to always do the right thing, then >> we could refuse to make it user configurable - just report what is >> set. Not sure we can "decide" to not make it user configurable, but then again it's also not specifically stated from how I read things. > > The only thing that comes into my mind is the non-managed save/restore > case. In that scenario both options make somewhat sense and libvirt > can't really tell which is the case. > > That can be handled with an API flag though, since we can use the GUID > stored in the save image. > The spec says : "Restoring from backup – Restoring a backup image will cause a previous workload time interval to be re-executed. Upon restore, the components of the backup are enumerated and replaced on the restore target by the VSS system. The affected configuration files are simply copied and not re-realized on the host. The restore sequence will be modified to post process the restore target and apply new generation identifiers to the restored configuration files." I read that as change the GUID and did so during startup processing from the qemuDomainSaveImageStartVM. Although I suppose it could also be read as altering the GUID before the virDomainObjListAdd in qemuDomainRestoreFlags and before the virDomainObjAssignDef in qemuDomainObjRestore. Since both called the latter and the running config for which the GUID is formatted is saved in the latter it "felt reasonable" to not have duplicated code. John -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
