On Wed, Mar 30, 2011 at 09:50:19PM +0800, Daniel Veillard wrote: > On Wed, Mar 30, 2011 at 09:39:14PM +0800, Osier Yang wrote: > > Hi, All > > > > I'm thinking to introduce a new flag (something like --remove-disks, > > --wipe-disks) for "virsh undefine", so that the user can choose > > whether to remove/wipe the disk devices or not, have seen this > > requirement in many places, @libvirt-users, public #virt, and also > > we have a bug of this function. So, IMHO this is a reasonable > > requirement, following is the rough thoughts: > > > > 1) General idea. > > As we don't have a API which can get all the disk devices of a > > domain, perhaps need to write functions to parse domain xml to > > extract the disks' path (this is annoyed, but seems don't other > > way), and then lookup them by storage volume API > > (virStorageVolLookupByPath), and then can remove or wipe > > the volume by (virStorageVolDelete/virStorageVolWipe). > > > > And for the disk path which doesn't belong to any storage pool, > > simply remove it by "unlink()"? > > Won't work for connection to remote hosts. > > > 2) Which type of devices can not be removed/wiped. > > > > * Can't delete/wipe ISCSI/SCSI vol. > > * Vol doesn't exists (which will throw an warning when do > > virStorageVolLookupByPath). > > * Have no write permission on the parent directory of the > > disk path. > > * Can't delete/wipe the disk device which is passthrough'ed > > from host, (e.g. /dev/sr0 as a CDROM device for guest) > > * The storage pool which the disk device belongs to as a vol > > is marked as "share" > > * The storage pool which the disk device belongs as a vol is > > readonly > > * can't delete disk device of network type. > > * Any others? > > > > For these situations, we need to do checking and throw > > straightforward warnings to tell user why it can't be > > removed/wiped. > > I would rather make this a flag of virDomainUndefine(), except > there is no flag argument for it :( I don't think this is a good idea. Applications should directly call the storage APIs for this, so that when we adding RBAC support to our APIs, we get correct access control checks on *each* volume being deleted / wiped. We won't want the 'undefine' API for a VM to be side-stepping the volume access controls. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list