Re: [Qemu-devel] Re: [libvirt] Libvirt debug API

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Anthony Liguori <anthony@codemonkey.ws>
To: Avi Kivity <avi@redhat.com>
Cc: Libvirt <libvir-list@redhat.com>,
	Jiri Denemark <jdenemar@redhat.com>,
	Chris Lalancette <clalance@redhat.com>,
	qemu-devel@nongnu.org, Luiz Capitulino <lcapitulino@redhat.com>
Subject: Re: [Qemu-devel] Re: [libvirt] Libvirt debug API
Date: Mon, 26 Apr 2010 08:46:46 -0500	[thread overview]
Message-ID: <4BD59946.8040705@codemonkey.ws> (raw)
In-Reply-To: <4BD597F1.2010205@redhat.com>

On 04/26/2010 08:41 AM, Avi Kivity wrote:
>> Today, you have to make changes to libvirt whereas in a direct launch 
>> model, you get all of the neat security features linux supports for 
>> free.
>
> But you lose tap networking, unless you have a privileged helper.  And 
> how is the privileged helper to authenticate the qemu calling it?

There are a variety of ways.  My original proposal used a policy file.

>>>> And I've said in the past that I don't like the idea of a qemud :-)
>>>
>>> I must have missed it.  Why not?  Every other hypervisor has a 
>>> central management entity.
>>
>> Because you end up launching all guests from a single security context.
>
> Run multiple qemuds?
>
> But what you say makes sense.  It's similar to the fork()  /* do 
> interesting stuff */ exec() model, compared to the spawn(..., 
> hardcoded list of interesting stuff).
>
>>>> Yeah, that's where I'm at.  I'd eventually like libvirt to use our 
>>>> provided API and I can see where it would add value to the stack 
>>>> (by doing things like storage and network management).
>>>
>>> We do provide an API, qmp, and libvirt uses it?
>>
>> Yeah, but we need to support more features (like guest enumeration).
>
>
> What are our options?
>
> 1) qemud launches, enumerates
> 2) user launches, qemu registers in qemud
> 3) user launches, qemu registers in filesystem
> 4) you launched it, you enumerate it

Both 2 and 3 are appealing to me.

>> (3) The system management application can certainly create whatever 
>> context it wants to launch a vm from.  It's comes down to who's 
>> responsible for creating the context the guest runs under.  I think 
>> doing that at the libvirt level takes away a ton of flexibility from 
>> the management application.
>
> If you want to push the flexibility slider all the way to the right 
> you get bare qemu.  It exposes 100% of qemu capabilities.  And it's 
> not so bad these days.  But it's not something that can be remoted.

As I mentioned earlier, remoting is not a very important use-case to me.

Does RHEV-M actually use the remote libvirt interface?  I assume it'll 
talk to vdsm via some protocol and vdsm will use the local libvirt API.  
I suspect most uses of libvirt are actually local uses.

Regards,

Anthony Liguori

next prev parent reply	other threads:[~2010-04-26 13:46 UTC|newest]

Thread overview: 66+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-04-09 13:41 [Qemu-devel] Libvirt debug API Chris Lalancette
2010-04-09 14:27 ` [Qemu-devel] Re: [libvirt] " Daniel P. Berrange
2010-04-09 18:16   ` Chris Lalancette
2010-04-12 12:41     ` Daniel P. Berrange
2010-04-12 13:56       ` Chris Lalancette
2010-04-12 14:18         ` Daniel P. Berrange
2010-04-09 21:06   ` Jamie Lokier
2010-04-09 21:30     ` [libvirt] [Qemu-devel] " Eric Blake
2010-04-10 12:05       ` Paolo Bonzini
2010-04-11 20:28     ` [Qemu-devel] Re: [libvirt] " Richard W.M. Jones
2010-04-11 22:17       ` Jamie Lokier
     [not found]         ` <20100412085621.GN26162@redhat.com>
2010-04-12 12:23           ` [libvirt] [Qemu-devel] " Jamie Lokier
2010-04-12 13:05             ` Daniel P. Berrange
2010-04-22 18:47             ` Anthony Liguori
2010-04-23  6:36               ` Jes Sorensen
2010-04-23 10:30               ` Daniel P. Berrange
2010-04-12 12:53         ` [Qemu-devel] Re: [libvirt] " Daniel P. Berrange
2010-04-12 15:20   ` Luiz Capitulino
2010-04-22 18:49     ` Anthony Liguori
2010-04-23 12:48       ` Avi Kivity
2010-04-23 13:48         ` Anthony Liguori
2010-04-23 14:24           ` Avi Kivity
2010-04-23 14:36             ` [libvirt] [Qemu-devel] " Daniel P. Berrange
2010-04-26 12:54               ` Jamie Lokier
2010-04-26 14:25                 ` Chris Lalancette
2010-04-26 14:34                   ` Avi Kivity
2010-04-26 14:54                     ` Daniel P. Berrange
2010-04-26 15:08                       ` Anthony Liguori
2010-04-26 15:20                         ` Daniel P. Berrange
2010-04-26 15:55                           ` Anthony Liguori
2010-04-23 18:29             ` [Qemu-devel] Re: [libvirt] " Anthony Liguori
2010-04-24  9:46               ` Avi Kivity
2010-04-25  3:39                 ` Anthony Liguori
2010-04-25 11:51                   ` Avi Kivity
2010-04-26  1:53                     ` Anthony Liguori
2010-04-26  5:56                       ` Avi Kivity
2010-04-26  9:56                         ` [libvirt] [Qemu-devel] " Matthias Bolte
2010-04-26 13:14                         ` [Qemu-devel] Re: [libvirt] " Anthony Liguori
2010-04-26 13:41                           ` Avi Kivity
2010-04-26 13:46                             ` Anthony Liguori [this message]
2010-04-26 13:53                               ` Avi Kivity
2010-04-26 13:58                               ` Daniel P. Berrange
2010-04-26 14:26                                 ` Anthony Liguori
2010-04-26 14:32                                   ` Daniel P. Berrange
2010-04-26  9:59                       ` Daniel P. Berrange
2010-04-26 13:13                         ` Anthony Liguori
2010-04-26 13:31                           ` Daniel P. Berrange
2010-04-26 13:43                             ` Anthony Liguori
2010-04-26 14:01                               ` Avi Kivity
2010-04-26 14:19                                 ` Anthony Liguori
2010-04-26 14:25                                   ` Avi Kivity
2010-04-26 14:28                                     ` Anthony Liguori
2010-04-26 14:38                                       ` Avi Kivity
2010-04-26 14:48                                         ` Anthony Liguori
2010-04-26 14:51                                           ` Avi Kivity
2010-04-23 14:34           ` Daniel P. Berrange
2010-04-23 15:43           ` Markus Armbruster
2010-04-22 18:45   ` Anthony Liguori
2010-04-22 19:10     ` Anthony Liguori
2010-04-23 10:28     ` Daniel P. Berrange
2010-04-23 13:40       ` Anthony Liguori
2010-04-23 14:21         ` Daniel P. Berrange
2010-04-23 18:33           ` Anthony Liguori
2010-04-25 14:50             ` Avi Kivity
2010-04-26 13:14               ` Anthony Liguori
2010-04-09 20:07 ` Eric Blake

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4BD59946.8040705@codemonkey.ws \
    --to=anthony@codemonkey.ws \
    --cc=avi@redhat.com \
    --cc=clalance@redhat.com \
    --cc=jdenemar@redhat.com \
    --cc=lcapitulino@redhat.com \
    --cc=libvir-list@redhat.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).