On 01/31/2012 02:53 AM, Daniel P. Berrange wrote: >> In the meantime, shouldn't we at least wait longer before resorting >> to SIGKILL? (especially since it appears the current timeout is >> quite often too short). (If we don't at least do that, what we're >> saying is "the behavior of virDomainShutdown / virDomainDestroy is >> to lose your data unless you're lucky. If you don't want this >> behavior, you need to use virDomainXXXFlags, and specify the >> VIR_DOMAIN_DONT_TRASH_MY_DATA flag" :-P). > > If you add a flag to trigger a graceful kill(SIGINT) only, then > we don't need to change the timeout. The application now has the > ability to wait as long as they like, before issuing another > virDomainDestroy() The new flag only benefits new apps that are compiled to use the new flag. I see nothing wrong with lengthening the timeout when no flag is present, to also benefit the older apps that have not yet been recompiled to use the new flag, since as was pointed out, the loop gives up as soon as the process is gone, so in the common case, it won't change behavior, and in the timeout case, we are waiting longer and thus less likely to lose data. In other words, I'm in favor of both approaches (new flag and longer default timeout when no flag is used). -- Eric Blake eblake@xxxxxxxxxx +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list