libvirt/docs/hooks.html.in
Daniel P. Berrange 6510c97bf5 Add some missing hook functions
A core use case of the hook scripts is to be able to do things
to a guest's network configuration. It is possible to hook into
the 'start' operation for a QEMU guest which runs just before
the guest is started. The TAP devices will exist at this point,
but the QEMU process will not. It can be desirable to have a
'started' hook too, which runs once QEMU has started.

If libvirtd is restarted it will re-populate firewall rules,
but there is no QEMU hook to trigger for existing domains.
This is solved with a 'reconnect' hook.

Finally, if attaching to an external QEMU process there needs
to be an 'attach' hook script.

This all also applies to the LXC driver

* docs/hooks.html.in: Document new operations
* src/util/hooks.c, src/util/hooks.c: Add 'started', 'reconnect'
  and 'attach' operations for QEMU. Add 'prepare', 'started',
  'release' and 'reconnect' operations for LXC
* src/lxc/lxc_driver.c: Add hooks for 'prepare', 'started',
  'release' and 'reconnect' operations
* src/qemu/qemu_process.c: Add hooks for 'started', 'reconnect'
  and 'reconnect' operations
2012-06-13 18:23:00 +01:00

252 lines
13 KiB
XML

<?xml version="1.0"?>
<html>
<body>
<h1>Hooks for specific system management</h1>
<ul id="toc"></ul>
<h2><a name="intro">Custom event scripts</a></h2>
<p>Beginning with libvirt 0.8.0, specific events on a host system will
trigger custom scripts.</p>
<p>These custom <b>hook</b> scripts are executed when any of the following
actions occur:</p>
<ul>
<li>The libvirt daemon starts, stops, or reloads its
configuration<br/><br/></li>
<li>A QEMU guest is started or stopped<br/><br/></li>
<li>An LXC guest is started or stopped<br/><br/></li>
</ul>
<h2><a name="location">Script location</a></h2>
<p>The libvirt hook scripts are located in the directory
<code>$SYSCONFDIR/libvirt/hooks/</code>.</p>
<ul>
<li>In Linux distributions such as Fedora and RHEL, this is
<code>/etc/libvirt/hooks/</code>. Other Linux distributions may do
this differently.</li>
<li>If your installation of libvirt has instead been compiled from
source, it is likely to be
<code>/usr/local/etc/libvirt/hooks/</code>.</li>
</ul>
<p>To use hook scripts, you will need to create this <code>hooks</code>
directory manually, place the desired hook scripts inside, then make
them executable.</p>
<br/>
<h2><a name="names">Script names</a></h2>
<p>At present, there are three hook scripts that can be called:</p>
<ul>
<li><code>/etc/libvirt/hooks/daemon</code><br/><br/>
Executed when the libvirt daemon is started, stopped, or reloads
its configuration<br/><br/></li>
<li><code>/etc/libvirt/hooks/qemu</code><br/><br/>
Executed when a QEMU guest is started, stopped, or migrated<br/><br/></li>
<li><code>/etc/libvirt/hooks/lxc</code><br /><br/>
Executed when an LXC guest is started or stopped</li>
</ul>
<br/>
<h2><a name="structure">Script structure</a></h2>
<p>The hook scripts are executed using standard Linux process creation
functions. Therefore, they must begin with the declaration of the
command interpreter to use.</p>
<p>For example:</p>
<pre>#!/bin/bash</pre>
<p>or:</p>
<pre>#!/usr/bin/python</pre>
<p>Other command interpreters are equally valid, as is any executable
binary, so you are welcome to use your favourite languages.</p>
<br/>
<h2><a name="arguments">Script arguments</a></h2>
<p>The hook scripts are called with specific command line arguments,
depending upon the script, and the operation being performed.</p>
<p>The guest hook scripts, qemu and lxc, are also given the <b>full</b>
XML description for the domain on their stdin. This includes items
such the UUID of the domain and its storage information, and is
intended to provide all the libvirt information the script needs.</p>
<p>The command line arguments take this approach:</p>
<ol>
<li>The first argument is the name of the <b>object</b> involved in the
operation, or '-' if there is none.<br/><br/>
For example, the name of a guest being started.<br/><br/></li>
<li>The second argument is the name of the <b>operation</b> being
performed.<br/><br/>
For example, "start" if a guest is being started.<br/><br/></li>
<li>The third argument is a <b>sub-operation</b> indication, or '-' if there
is none.<br/><br/></li>
<li>The last argument is an <b>extra argument</b> string, or '-' if there is
none.</li>
</ol>
<h4><a name="arguments_specifics">Specifics</a></h4>
<p>This translates to the following specifics for each hook script:</p>
<h5><a name="daemon">/etc/libvirt/hooks/daemon</a></h5>
<ul>
<li>When the libvirt daemon is started, this script is called as:<br/>
<pre>/etc/libvirt/hooks/daemon - start - start</pre></li>
<li>When the libvirt daemon is shut down, this script is called as:<br/>
<pre>/etc/libvirt/hooks/daemon - shutdown - shutdown</pre></li>
<li>When the libvirt daemon receives the SIGHUP signal, it reloads its
configuration and triggers the hook script as:<br/>
<pre>/etc/libvirt/hooks/daemon - reload begin SIGHUP</pre></li>
</ul>
<p>Please note that when the libvirt daemon is restarted, the <i>daemon</i>
hook script is called once with the "shutdown" operation, and then once
with the "start" operation. There is no specific operation to indicate
a "restart" is occurring.</p>
<h5><a name="qemu">/etc/libvirt/hooks/qemu</a></h5>
<ul>
<li>Before a QEMU guest is started, the qemu hook script is
called in three locations; if any location fails, the guest
is not started. The first location, <span class="since">since
0.9.0</span>, is before libvirt performs any resource
labeling, and the hook can allocate resources not managed by
libvirt such as DRBD or missing bridges. This is called as:<br/>
<pre>/etc/libvirt/hooks/qemu guest_name prepare begin -</pre>
The second location, available <span class="since">Since
0.8.0</span>, occurs after libvirt has finished labeling
all resources, but has not yet started the guest, called as:<br/>
<pre>/etc/libvirt/hooks/qemu guest_name start begin -</pre>
The third location, <span class="since">0.9.13</span>,
occurs after the QEMU process has successfully started up:<br/>
<pre>/etc/libvirt/hooks/qemu guest_name started begin -</pre>
</li>
<li>When a QEMU guest is stopped, the qemu hook script is called
in two locations, to match the startup.
First, <span class="since">since 0.8.0</span>, the hook is
called before libvirt restores any labels:<br/>
<pre>/etc/libvirt/hooks/qemu guest_name stopped end -</pre>
Then, after libvirt has released all resources, the hook is
called again, <span class="since">since 0.9.0</span>, to allow
any additional resource cleanup:<br/>
<pre>/etc/libvirt/hooks/qemu guest_name release end -</pre></li>
<li><span class="since">Since 0.9.11</span>, the qemu hook script
is also called at the beginning of incoming migration. It is called
as: <pre>/etc/libvirt/hooks/qemu guest_name migrate begin -</pre>
with domain XML sent to standard input of the script. In this case,
the script acts as a filter and is supposed to modify the domain
XML and print it out on its standard output. Empty output is
identical to copying the input XML without changing it. In case the
script returns failure or the output XML is not valid, incoming
migration will be canceled. This hook may be used, e.g., to change
location of disk images for incoming domains.</li>
<li><span class="since">Since 0.9.13</span>, the qemu hook script
is also called when the libvirtd daemon restarts and reconnects
to previously running QEMU processes. If the script fails, the
existing QEMU process will be killed off. It is called as:
<pre>/etc/libvirt/hooks/qemu guest_name reconnect begin -</pre>
</li>
<li><span class="since">Since 0.9.13</span>, the qemu hook script
is also called when the QEMU driver is told to attach to an
externally launched QEMU process. It is called as:
<pre>/etc/libvirt/hooks/qemu guest_name attach begin -</pre>
</li>
</ul>
<h5><a name="lxc">/etc/libvirt/hooks/lxc</a></h5>
<ul>
<li>Before a LXC guest is started, the lxc hook script is
called in three locations; if any location fails, the guest
is not started. The first location, <span class="since">since
0.9.13</span>, is before libvirt performs any resource
labeling, and the hook can allocate resources not managed by
libvirt such as DRBD or missing bridges. This is called as:<br/>
<pre>/etc/libvirt/hooks/lxc guest_name prepare begin -</pre>
The second location, available <span class="since">Since
0.8.0</span>, occurs after libvirt has finished labeling
all resources, but has not yet started the guest, called as:<br/>
<pre>/etc/libvirt/hooks/lxc guest_name start begin -</pre>
The third location, <span class="since">0.9.13</span>,
occurs after the LXC process has successfully started up:<br/>
<pre>/etc/libvirt/hooks/lxc guest_name started begin -</pre>
</li>
<li>When a LXC guest is stopped, the lxc hook script is called
in two locations, to match the startup.
First, <span class="since">since 0.8.0</span>, the hook is
called before libvirt restores any labels:<br/>
<pre>/etc/libvirt/hooks/lxc guest_name stopped end -</pre>
Then, after libvirt has released all resources, the hook is
called again, <span class="since">since 0.9.0</span>, to allow
any additional resource cleanup:<br/>
<pre>/etc/libvirt/hooks/lxc guest_name release end -</pre></li>
<li><span class="since">Since 0.9.13</span>, the lxc hook script
is also called when the libvirtd daemon restarts and reconnects
to previously running LXC processes. If the script fails, the
existing LXC process will be killed off. It is called as:
<pre>/etc/libvirt/hooks/lxc guest_name reconnect begin -</pre>
</li>
</ul>
<br/>
<h2><a name="execution">Script execution</a></h2>
<ul>
<li>The "start" operation for the guest hook scripts, qemu and lxc,
executes <b>prior</b> to the guest being created. This allows the
guest start operation to be aborted if the script returns indicating
failure.<br/><br/></li>
<li>The "shutdown" operation for the guest hook scripts, qemu and lxc,
executes <b>after</b> the guest has stopped. If the hook script
indicates failure in its return, the shut down of the guest cannot
be aborted because it has already been performed.<br/><br/></li>
<li>Hook scripts execute in a synchronous fashion. Libvirt waits
for them to return before continuing the given operation.<br/><br/>
This is most noticeable with the guest start operation, as a lengthy
operation in the hook script can mean an extended wait for the guest
to be available to end users.<br/><br/></li>
<li>For a hook script to be utilised, it must have its execute bit set
(ie. chmod o+rx <i>qemu</i>), and must be present when the libvirt
daemon is started.<br/><br/></li>
<li>If a hook script is added to a host after the libvirt daemon is
already running, it won't be used until the libvirt daemon
next starts.</li>
</ul>
<br/>
<h2><a name="qemu_migration">QEMU guest migration</a></h2>
<p>Migration of a QEMU guest involves running hook scripts on both the
source and destination hosts:</p>
<ol>
<li>At the beginning of the migration, the <i>qemu</i> hook script on
the <b>destination</b> host is executed with the "migrate"
operation.</li>
<li>Before QEMU process is spawned, the two operations ("prepare" and
"start") called for domain start are executed on
<b>destination</b> host.</li>
<li>If both of these hook script executions exit successfully (exit
status 0), the migration continues. Any other exit code indicates
failure, and the migration is aborted.</li>
<li>The QEMU guest is then migrated to the destination host.</li>
<li>Unless an error occurs during the migration process, the <i>qemu</i>
hook script on the <b>source</b> host is then executed with the
"stopped" and "release" operations to indicate it is no longer
running on this host. Regardless of the return codes, the
migration is not aborted as it has already been performed.</li>
</ol>
<br/>
<h2><a name="recursive">Calling libvirt functions from within a hook script</a></h2>
<p><b>DO NOT DO THIS!</b></p>
<p>A hook script must not call back into libvirt, as the libvirt daemon
is already waiting for the script to exit.</p>
<p>A deadlock is likely to occur.</p>
<br/>
<h2><a name="return_codes">Return codes and logging</a></h2>
<p>If a hook script returns with an exit code of 0, the libvirt daemon
regards this as successful and performs no logging of it.</p>
<p>However, if a hook script returns with a non zero exit code, the libvirt
daemon regards this as a failure, logs it with return code 256, and
additionally logs anything on stderr the hook script returns.</p>
<p>For example, a hook script might use this code to indicate failure,
and send a text string to stderr:</p>
<pre>echo "Could not find required XYZZY" &gt;&amp;2
exit 1</pre>
<p>The resulting entry in the libvirt log will appear as:</p>
<pre>20:02:40.297: error : virHookCall:416 : Hook script execution failed: Hook script /etc/libvirt/hooks/qemu qemu failed with error code 256:Could not find required XYZZY</pre>
</body>
</html>