A update on progress splitting libvirtd into multiple daemons....
* General refactoring of the RPC client/server
This is about allowing libvirtd daemon to forward API calls to
other daemons when there is no built-in driver. It also involves
the remote client learning how to connect to other daemons.
Working proof of concept which splits the secret driver into a
separate daemon is available:
https://www.redhat.com/archives/libvir-list/2018-April/msg01977.html
The storage driver, interface driver and nodedev drivers can
all also be split at this time. The nwfilter & network drivers
require some work before they can be split.
Still needs work around config files, and creating daemons for other
drivers. I'm not proposing to merge this until all drivers are ready.
I want to avoid a hybrid state where some drivers are split and some
are not as that will be confusing and make upgrade path harder.
Need to also consider if we'll mandate splitting of libvirtd, or
provide a compile time option to continue building a monolithic
driver. We'll probably need the latter for at least a few years
to avoid forcing a major architectural change on long-life distros
that like to rebase.
* Untangle storage driver from virt drivers
This involved more the storage file code into separate loadable modules.
This is merged and working
https://www.redhat.com/archives/libvir-list/2018-April/msg02423.html
* Untangle nwfilter driver from the virt drivers
This involved creating new public APIs to provide the concept of a filter
binding. This allows nwfilter driver to track all filters it has created.
The virt drivers only talk to the nwfilter driver via the public API
after this is done.
Latest patch series is here:
https://www.redhat.com/archives/libvir-list/2018-May/msg01145.html
A few loose ends and testing needed, but largely feature complete and
hopefully soon mergable
* Untangle network driver from virt driver
The virt drivers currently call into the network driver via a
back channel using callbacks, rather than the public API. We
will need to define some public APIs to allow creation and
deletion of "network ports" from the virt driver. This will
allow unprivilegd virt drivers to have real network access
via privileged network driver.
Also likely want to make the network driver responsible to
setting up network filters when this is done. ie the virt
driver will no longer directly use the nwfilter driver,
instead the network driver will talk to the nwfilter driver.
This will allow privileged network driver to enforce the
use of nwfilters when giving ports to unprivileged virt
drivers.
No work started, but this what I'll tackle now the nwfilter stuff
is largely wrapped up.
* Move host device tracking into the node dev driver
Currently we have a src/util/virhostdev.c file that tracks the
state of SCSI, SCIVHost PCI, MDev, USB devices that are assigned
to guests. This is part of the virt driver and needs to move into
the node device driver in some way. Principally this will allow
an unprivileged virt driver to use host devices via a privileged
nodedev driver.
Probably will involve creating some new virNodeDeviceXXXX APIs
to deal with the operations required. Unclear exactly what they
will look like, but need to be much simpler than the huge number
of APIs that are in virhostdev.h currently.
No work started, but Laine has indicated an interest in working
on it. If not, I'll work on it once network stuff is under control
With all the above done we'll be able to have many daemons, one per
driver, with split privilege levels.
The virt driver daemons, however, would still be monolithic. The step
after that would be to look at how to allow a launching VMs via a simple
shim daemon, that then associates with the main virt daemon. We had done
some POC demos around that in the past, with some positive results
https://www.redhat.com/archives/libvir-list/2017-December/msg00728.html
With the splitting of libvirtd, the need for a shim feels less urgent,
because the penalty of running one virtqemud per guest is lower than
the penalty of running one libvirtd per guest. None the less I still
think we want to try to build a shim, so that apps can directly connect
to the shim to run API operations, and just use the virtqemud for
central aggregation views. I'm not expecting todo anything on this
until the libvirtd is split, because that makes it easier todo the
shim without loosing functionality in the shim.
Regards,
Daniel
--
|:
https://berrange.com -o-
https://www.flickr.com/photos/dberrange :|
|:
https://libvirt.org -o-
https://fstop138.berrange.com :|
|:
https://entangle-photo.org -o-
https://www.instagram.com/dberrange :|