From: Steven Whitehouse <swhiteho@redhat.com>
To: Stefan Hajnoczi <stefanha@redhat.com>,
"J. Bruce Fields" <bfields@fieldses.org>
Cc: "Daniel P. Berrange" <berrange@redhat.com>,
Chuck Lever <chuck.lever@oracle.com>,
Steve Dickson <SteveD@redhat.com>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
Matt Benjamin <mbenjami@redhat.com>,
Jeff Layton <jlayton@redhat.com>,
Justin Mitchell <jumitche@redhat.com>
Subject: Re: [PATCH nfs-utils v3 00/14] add NFS over AF_VSOCK support
Date: Fri, 22 Sep 2017 10:55:59 +0100 [thread overview]
Message-ID: <d760ecdc-988d-8145-f816-6faf8f2abf03@redhat.com> (raw)
In-Reply-To: <20170921170017.GK32364@stefanha-x1.localdomain>
Hi,
On 21/09/17 18:00, Stefan Hajnoczi wrote:
> On Tue, Sep 19, 2017 at 01:24:52PM -0400, J. Bruce Fields wrote:
>> On Tue, Sep 19, 2017 at 05:44:27PM +0100, Daniel P. Berrange wrote:
>>> On Tue, Sep 19, 2017 at 11:48:10AM -0400, Chuck Lever wrote:
>>>>> On Sep 19, 2017, at 11:10 AM, Daniel P. Berrange <berrange@redhat.com> wrote:
>>>>> VSOCK requires no guest configuration, it won't be broken accidentally
>>>>> by NetworkManager (or equivalent), it won't be mistakenly blocked by
>>>>> guest admin/OS adding "deny all" default firewall policy. Similar
>>>>> applies on the host side, and since there's separation from IP networking,
>>>>> there is no possibility of the guest ever getting a channel out to the
>>>>> LAN, even if the host is mis-configurated.
>>>> We don't seem to have configuration fragility problems with other
>>>> deployments that scale horizontally.
>>>>
>>>> IMO you should focus on making IP reliable rather than trying to
>>>> move familiar IP-based services to other network fabrics.
>>> I don't see that ever happening, except in a scenario where a single
>>> org is in tight control of the whole stack (host & guest), which is
>>> not the case for cloud in general - only some on-site clouds.
>> Can you elaborate?
>>
>> I think we're having trouble understanding why you can't just say "don't
>> do that" to someone whose guest configuration is interfering with the
>> network interface they need for NFS.
> Dan can add more information on the OpenStack use case, but your
> question is equally relevant to the other use case I mentioned - easy
> file sharing between host and guest.
>
> Management tools like virt-manager (https://virt-manager.org/) should
> support a "share directory with VM" feature. The user chooses a
> directory on the host, a mount point inside the guest, and then clicks
> OK. The directory should appear inside the guest.
>
> VMware, VirtualBox, etc have had file sharing for a long time. It's a
> standard feature.
>
> Here is how to implement it using AF_VSOCK:
> 1. Check presence of virtio-vsock device in VM or hotplug it.
> 2. Export directory from host NFS server (nfs-ganesha, nfsd, etc).
> 3. Send qemu-guest-agent command to (optionally) add /etc/fstab entry
> and then mount.
>
> The user does not need to take any action inside the guest.
> Non-technical users can share files without even knowing what NFS is.
>
> There are too many scenarios where guest administrator action is
> required with NFS over TCP/IP. We can't tell them "don't do that"
> because it makes this feature unreliable.
>
> Today we ask users to set up NFS or CIFS themselves. In many cases that
> is inconvenient and an easy file sharing feature would be much better.
>
> Stefan
>
I don't think we should give up on making NFS easy to use with TCP/IP in
such situations. With IPv6 we could have (for example) a device with a
well known link-local address at the host end, and an automatically
allocated link-local address at the guest end. In other words the same
as VSOCK, but with IPv6 rather than VSOCK addresses. At that point the
remainder of the NFS config steps would be identical to those you've
outlined with VSOCK above.
Creating a (virtual) network device which is restricted to host/guest
communication and automatically configures itself should be a lot less
work than adding a whole new protocol to NFS I think. It could also be
used for many other use cases too, as well as giving the choice between
NFS and CIFS. So it is much more flexible, and should be quicker to
implement too,
Steve.
next prev parent reply other threads:[~2017-09-22 9:56 UTC|newest]
Thread overview: 86+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-13 10:26 [PATCH nfs-utils v3 00/14] add NFS over AF_VSOCK support Stefan Hajnoczi
2017-09-13 10:26 ` [PATCH nfs-utils v3 01/14] mount: don't use IPPROTO_UDP for address resolution Stefan Hajnoczi
2017-09-13 10:26 ` [PATCH nfs-utils v3 02/14] nfs-utils: add vsock.h Stefan Hajnoczi
2017-09-13 10:26 ` [PATCH nfs-utils v3 03/14] nfs-utils: add AF_VSOCK support to sockaddr.h Stefan Hajnoczi
2017-09-13 10:26 ` [PATCH nfs-utils v3 04/14] mount: present AF_VSOCK addresses Stefan Hajnoczi
2017-09-13 10:26 ` [PATCH nfs-utils v3 05/14] mount: accept AF_VSOCK in nfs_verify_family() Stefan Hajnoczi
2017-09-13 10:26 ` [PATCH nfs-utils v3 06/14] mount: generate AF_VSOCK clientaddr Stefan Hajnoczi
2017-09-13 10:26 ` [PATCH nfs-utils v3 07/14] getport: recognize "vsock" netid Stefan Hajnoczi
2017-09-13 10:26 ` [PATCH nfs-utils v3 08/14] mount: AF_VSOCK address parsing Stefan Hajnoczi
2017-09-13 10:26 ` [PATCH nfs-utils v3 09/14] exportfs: introduce host_freeaddrinfo() Stefan Hajnoczi
2017-09-13 10:26 ` [PATCH nfs-utils v3 10/14] exportfs: add AF_VSOCK address parsing and printing Stefan Hajnoczi
2017-09-13 10:26 ` [PATCH nfs-utils v3 11/14] exportfs: add AF_VSOCK support to set_addrlist() Stefan Hajnoczi
2017-09-13 10:26 ` [PATCH nfs-utils v3 12/14] exportfs: add support for "vsock:" exports(5) syntax Stefan Hajnoczi
2017-09-13 10:26 ` [PATCH nfs-utils v3 13/14] nfsd: add --vsock (-v) option to nfsd Stefan Hajnoczi
2017-09-13 10:26 ` [PATCH nfs-utils v3 14/14] tests: add "vsock:" exports(5) test case Stefan Hajnoczi
2017-09-13 16:21 ` [PATCH nfs-utils v3 00/14] add NFS over AF_VSOCK support Christoph Hellwig
2017-09-13 18:18 ` [nfsv4] " David Noveck
2017-09-13 18:21 ` Chuck Lever
2017-09-15 11:52 ` Stefan Hajnoczi
2017-09-13 22:39 ` NeilBrown
2017-09-14 15:39 ` Steve Dickson
2017-09-14 15:55 ` Steve Dickson
2017-09-14 17:37 ` J . Bruce Fields
2017-09-15 11:07 ` Jeff Layton
2017-09-15 15:17 ` J . Bruce Fields
2017-09-15 23:29 ` NeilBrown
2017-09-16 14:55 ` J . Bruce Fields
2017-09-15 13:12 ` Stefan Hajnoczi
2017-09-15 13:31 ` J . Bruce Fields
2017-09-15 13:59 ` Chuck Lever
2017-09-15 16:42 ` J. Bruce Fields
2017-09-16 15:55 ` Chuck Lever
2017-09-18 18:09 ` Stefan Hajnoczi
2017-09-19 9:31 ` Daniel P. Berrange
2017-09-19 14:35 ` Chuck Lever
2017-09-19 15:10 ` Daniel P. Berrange
2017-09-19 15:48 ` Chuck Lever
2017-09-19 16:44 ` Daniel P. Berrange
2017-09-19 17:24 ` J. Bruce Fields
2017-09-21 17:00 ` Stefan Hajnoczi
2017-09-22 9:55 ` Steven Whitehouse [this message]
2017-09-22 11:32 ` Jeff Layton
2017-09-22 12:08 ` Matt Benjamin
2017-09-22 12:26 ` Jeff Layton
2017-09-22 15:28 ` Stefan Hajnoczi
2017-09-22 16:23 ` Daniel P. Berrange
2017-09-22 18:31 ` Chuck Lever
2017-09-25 8:14 ` Daniel P. Berrange
2017-09-25 10:31 ` Chuck Lever
2017-09-22 11:43 ` Chuck Lever
2017-09-22 11:55 ` Daniel P. Berrange
2017-09-22 12:00 ` Chuck Lever
2017-09-22 12:10 ` Daniel P. Berrange
2017-09-22 19:14 ` J. Bruce Fields
2017-09-25 8:30 ` Daniel P. Berrange
2017-09-26 2:08 ` NeilBrown
2017-09-26 3:40 ` J. Bruce Fields
2017-09-26 10:56 ` Stefan Hajnoczi
2017-09-26 11:07 ` Daniel P. Berrange
2017-09-26 18:32 ` J. Bruce Fields
2017-09-27 0:45 ` NeilBrown
2017-09-27 13:05 ` Stefan Hajnoczi
2017-09-27 22:21 ` NeilBrown
2017-09-28 10:44 ` Stefan Hajnoczi
2017-09-27 13:35 ` J. Bruce Fields
2017-09-27 22:25 ` NeilBrown
2017-09-26 13:39 ` J. Bruce Fields
2017-09-26 13:42 ` J. Bruce Fields
2017-09-27 12:22 ` Stefan Hajnoczi
2017-09-27 13:46 ` J. Bruce Fields
2017-09-28 10:34 ` Stefan Hajnoczi
2017-09-19 17:37 ` Stefan Hajnoczi
2017-09-19 19:56 ` Chuck Lever
2017-09-19 20:42 ` J. Bruce Fields
2017-09-19 21:09 ` Chuck Lever
2017-09-20 13:16 ` J. Bruce Fields
2017-09-20 14:40 ` Chuck Lever
2017-09-20 14:45 ` J. Bruce Fields
2017-09-20 14:59 ` Chuck Lever
2017-09-20 15:25 ` Frank Filz
2017-09-20 18:17 ` Trond Myklebust
2017-09-20 18:34 ` bfields
2017-09-20 18:38 ` Trond Myklebust
2017-09-21 16:20 ` Stefan Hajnoczi
2017-09-20 14:58 ` Daniel P. Berrange
2017-09-20 16:39 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d760ecdc-988d-8145-f816-6faf8f2abf03@redhat.com \
--to=swhiteho@redhat.com \
--cc=SteveD@redhat.com \
--cc=berrange@redhat.com \
--cc=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=jlayton@redhat.com \
--cc=jumitche@redhat.com \
--cc=linux-nfs@vger.kernel.org \
--cc=mbenjami@redhat.com \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).