[occi-wg] OCCI MC - State Machine Diagram
chris.webb at elastichosts.com
Mon Apr 20 08:16:28 CDT 2009
Alexis Richardson <alexis.richardson at gmail.com> writes:
> I am interested in how EH and GG deal with exceptions. Chris?
We try to flag all the significant errors synchronously during the create
call. If you get success back, a VM exists and is running with the requested
drives and network interfaces. Conversely you'll always get an immediate
error back if (say) you try to specify an IP that doesn't belong to you, or
use a drive which doesn't exist, or has exclusive locking enabling and is
already mounted elsewhere, or whatever.
Our API only operates at the virtual machine level. As far as we're
concerned, measuring or interfering with the guest OS other than by
providing virtual hardware for it would be a gross layering violation. Since
like Amazon we have no concept of stopped servers at the API level (they
exist in the web interface for convenience), this means we only have one
user-visible guest state: if a guest exists at all, it is active and
Migration of storage and guests within our infrastructure is only allowed if
it is completely transparent to users, so again this isn't signalled to
unprivileged users. Thus the only cases we have to deal with are when a
guest exits (ACPI power down) or if an infrastructure host explodes and a
guest must be revived (which looks like a hard reset from outside).
At infrastructure level, our API between the management system and the
individual hosts is the same API our users use, but with extra 'privileged'
features. There we have HTTP callbacks ('callback:exit' key) available to
signal when a guest disappears or is revived following a host crash, which
are used internally for billing amongst other things.
Although I don't think these are exposed to our end users through our
unprivileged API yet, they will be. (However, for what it's worth, real
users seem to prefer to do their "I've just booted" and "I'm going to shut
down now" notifications within their guest OSes where they get a free choice
of mechanism, and usually monitor their virtual machines over IP like they
would physical servers, so we never had anyone ask for the callback stuff.)
More information about the occi-wg