Re: [Libvir] Virtual networking
Daniel P. Berrange wrote: [Tue Jan 16 2007, 04:54:49PM EST]
On Tue, Jan 16, 2007 at 04:19:37PM -0500, Aron Griffis wrote:
> Daniel P. Berrange wrote: [Tue Jan 16 2007, 10:57:03AM EST]
> > 2. The way I was always anticipating remote use of libvirt to work. The
> > app uses libvirt locally which opens a connection to the remote machine
> > using whatever remote management protocol is relevant for the hypervisor
> > in question. eg, HTTP/XML-RPC for Xen, or the TLS secured binary format
> > for the prototype QEMU backend.
> >
> > http://people.redhat.com/berrange/libvirt/libvirt-arch-remote-1.png
>
> So this works to manage a remote host that might not have libvirt
> installed...
Provided the host in question provided a secure remote management system.
Until Xen-API is supported, even Xen doesn't have a useful remote management
system since its currents APIs have zero auth. Other non-Xen virt produces
don't have any remote management.
*nod*
> > 3. The way I think you re suggesting - a libvirt server on
every remote
> > host which calls into the regular libvirt internal driver model to
> > proxy remote calls. So even if the hypervisor in question provides a
> > remote network management API, we will always use the local API and
> > do *all* remote networking via the libvirt server
> >
> > http://people.redhat.com/berrange/libvirt/libvirt-arch-remote-2.png
>
> ...and this requires each managed host to have libvirt(d).
>
> This is considered a reasonable requirement?
Personally it doesn't worry me too much - by all means though, I'm open to
arguments against it too.....
The way I currently look at the problem, needing to deploy a small
C based management daemon (merely linked to an SSL library for
secure comms) isn't very onerous in comparison to the enourmous pile
of python code Xen already requires. For non-Xen backends we'll
definitely need a daemon of some form, since QEMU / KVM / UML / etc
don't have any management daemon at all. For administrators there's
a certain benefit to only having to worry about opening up one
daemon to the public network regardless of which virt system in use.
What's the gap (if any) between libvirtd and xend capabilities? i.e.
could libvirtd eventually allow dom0 to omit the python-based xen mgmt
stack to shrink dom0 to a significantly thinner OS instance?
But then maybe we actually need to support both remote management
models ?
IMHO unnecessary complexity.
Would a requirement for a libvirtd be a problem for your use cases ?
I don't think so. Mostly I was verifying my understanding, and that
the requirement was considered.
Thanks,
Aron
Attachments:
- signature.asc (application/pgp-signature — 189 bytes)