From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Ahmed Karaman" <ahmedkhaledkaraman@gmail.com>,
	"Philippe Mathieu-Daudé" <philmd@redhat.com>,
	"John Snow" <jsnow@redhat.com>,
	"Eduardo Habkost" <ehabkost@redhat.com>,
	"Cleber Rosa" <crosa@redhat.com>
Subject: [PULL 11/19] python/machine.py: split shutdown into hard and soft flavors
Date: Wed, 15 Jul 2020 00:21:24 +0200
Message-ID: <20200714222132.10815-12-philmd@redhat.com>
In-Reply-To: <20200714222132.10815-1-philmd@redhat.com>

From: John Snow <jsnow@redhat.com>

This is done primarily to avoid the 'bare except' pattern, which
suppresses all exceptions during shutdown and can obscure errors.

Replace this with a pattern that isolates the different kinds of shutdown
paradigms (_hard_shutdown and _soft_shutdown), and a new fallback shutdown
handler (_do_shutdown) that gracefully attempts one before the other.

This split now also ensures that no matter what happens,
_post_shutdown() is always invoked.

shutdown() changes in behavior such that if it attempts to do a graceful
shutdown and is unable to, it will now always raise an exception to
indicate this. This can be avoided by the test writer in three ways:

1. If the VM is expected to have already exited or is in the process of
exiting, wait() can be used instead of shutdown() to clean up resources
instead. This helps avoid race conditions in shutdown.

2. If a test writer is expecting graceful shutdown to fail, shutdown
should be called in a try...except block.

3. If the test writer has no interest in performing a graceful shutdown
at all, kill() can be used instead.

Handling shutdown in this way makes it much more explicit which type of
shutdown we want and allows the library to report problems with this
process.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Cleber Rosa <crosa@redhat.com>
Tested-by: Cleber Rosa <crosa@redhat.com>
Message-Id: <20200710050649.32434-11-jsnow@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 python/qemu/machine.py | 98 +++++++++++++++++++++++++++++++++++-------
 1 file changed, 83 insertions(+), 15 deletions(-)

diff --git a/python/qemu/machine.py b/python/qemu/machine.py
index 3f0b873f58..a955e3f221 100644
--- a/python/qemu/machine.py
+++ b/python/qemu/machine.py
@@ -49,6 +49,12 @@ class QEMUMachineAddDeviceError(QEMUMachineError):
     """
 
 
+class AbnormalShutdown(QEMUMachineError):
+    """
+    Exception raised when a graceful shutdown was requested, but not performed.
+    """
+
+
 class MonitorResponseError(qmp.QMPError):
     """
     Represents erroneous QMP monitor reply
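
Review bot: the AbnormalShutdown docstring should say what state the caller is left in when it is raised. From _do_shutdown further down, the exception is raised only after _hard_shutdown() has already run, and the original failure is chained with "from exc", so a sentence such as "the VM has been forcibly terminated; the original error is available as __cause__" would let test writers handle it without reading the implementation.
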
@@ -376,6 +382,7 @@ def _early_cleanup(self) -> None:
         """
         Perform any cleanup that needs to happen before the VM exits.
 
+        May be invoked by both soft and hard shutdown in failover scenarios.
         Called additionally by _post_shutdown for comprehensive cleanup.
         """
         # If we keep the console socket open, we may deadlock waiting
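
Review bot: the added docstring line says _early_cleanup may be invoked by both soft and hard shutdown, but it does not state the consequence, which is that the method has to be safe to call more than once. In the failover path _soft_shutdown and _hard_shutdown each call self._early_cleanup(), and the docstring notes _post_shutdown calls it again. Suggest adding an explicit "must be idempotent" sentence so later additions to this hook (or subclass overrides) do not close or release a resource twice.
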
@@ -385,32 +392,93 @@ def _early_cleanup(self) -> None:
             self._console_socket.close()
             self._console_socket = None
 
+    def _hard_shutdown(self) -> None:
+        """
+        Perform early cleanup, kill the VM, and wait for it to terminate.
+
+        :raise subprocess.Timeout: When timeout is exceeds 60 seconds
+            waiting for the QEMU process to terminate.
+        """
+        self._early_cleanup()
+        self._popen.kill()
+        self._popen.wait(timeout=60)
+
+    def _soft_shutdown(self, has_quit: bool = False,
+                       timeout: Optional[int] = 3) -> None:
+        """
+        Perform early cleanup, attempt to gracefully shut down the VM, and wait
+        for it to terminate.
+
+        :param has_quit: When True, don't attempt to issue 'quit' QMP command
+        :param timeout: Optional timeout in seconds for graceful shutdown.
+                        Default 3 seconds, A value of None is an infinite wait.
+
+        :raise ConnectionReset: On QMP communication errors
+        :raise subprocess.TimeoutExpired: When timeout is exceeded waiting for
+            the QEMU process to terminate.
+        """
+        self._early_cleanup()
+
+        if self._qmp is not None:
+            if not has_quit:
+                # Might raise ConnectionReset
+                self._qmp.cmd('quit')
+
+        # May raise subprocess.TimeoutExpired
+        self._popen.wait(timeout=timeout)
+
+    def _do_shutdown(self, has_quit: bool = False,
+                     timeout: Optional[int] = 3) -> None:
+        """
+        Attempt to shutdown the VM gracefully; fallback to a hard shutdown.
+
+        :param has_quit: When True, don't attempt to issue 'quit' QMP command
+        :param timeout: Optional timeout in seconds for graceful shutdown.
+                        Default 3 seconds, A value of None is an infinite wait.
+
+        :raise AbnormalShutdown: When the VM could not be shut down gracefully.
+            The inner exception will likely be ConnectionReset or
+            subprocess.TimeoutExpired. In rare cases, non-graceful termination
+            may result in its own exceptions, likely subprocess.TimeoutExpired.
+        """
+        try:
+            self._soft_shutdown(has_quit, timeout)
+        except Exception as exc:
+            self._hard_shutdown()
+            raise AbnormalShutdown("Could not perform graceful shutdown") \
+                from exc
+
     def shutdown(self, has_quit: bool = False,
                  hard: bool = False,
                  timeout: Optional[int] = 3) -> None:
         """
-        Terminate the VM and clean up
+        Terminate the VM (gracefully if possible) and perform cleanup.
+        Cleanup will always be performed.
+
+        If the VM has not yet been launched, or shutdown(), wait(), or kill()
+        have already been called, this method does nothing.
+
+        :param has_quit: When true, do not attempt to issue 'quit' QMP command.
+        :param hard: When true, do not attempt graceful shutdown, and
+                     suppress the SIGKILL warning log message.
+        :param timeout: Optional timeout in seconds for graceful shutdown.
+                        Default 3 seconds, A value of None is an infinite wait.
         """
         if not self._launched:
             return
 
-        self._early_cleanup()
-
-        if self.is_running():
+        try:
             if hard:
-                self._popen.kill()
-            elif self._qmp:
-                try:
-                    if not has_quit:
-                        self._qmp.cmd('quit')
-                    self._popen.wait(timeout=timeout)
-                except:
-                    self._popen.kill()
-            self._popen.wait(timeout=timeout)
-
-        self._post_shutdown()
+                self._hard_shutdown()
+            else:
+                self._do_shutdown(has_quit, timeout=timeout)
+        finally:
+            self._post_shutdown()
 
     def kill(self):
+        """
+        Terminate the VM forcefully, wait for it to exit, and perform cleanup.
+        """
         self.shutdown(hard=True)
 
     def wait(self, timeout: Optional[int] = None) -> None:
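
Review bot: in _do_shutdown, "except Exception" does not catch KeyboardInterrupt, so an interrupt during the self._popen.wait(timeout=timeout) in _soft_shutdown (an unbounded wait when timeout is None) skips _hard_shutdown() and goes straight to the finally in shutdown(), which runs _post_shutdown() without these lines having killed or reaped the process. Consider catching BaseException around the soft attempt, calling _hard_shutdown(), and re-raising the original, keeping the AbnormalShutdown wrapping for Exception only. Two documentation points in the same hunk: the _hard_shutdown docstring names subprocess.Timeout and reads "is exceeds", while Popen.wait raises subprocess.TimeoutExpired, as the other docstrings here already say; and the "hard" parameter description promises suppression of a SIGKILL warning log message, but no such log call appears in these lines.
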
-- 
2.21.3


