Re: [libvirt] New QEMU daemon for persistent reservations
On 24/11/2017 15:52, Daniel P. Berrange wrote:
> So what has been suggested so far is:
>
> <disk type='block' device='disk'>
> <source dev='/dev/sda'>
> <target dev='sda' bus='scsi'/>
> <reservations enable='yes'/>
> </disk>
<reservations> without an inner <source> element leaves libvirtd with
the choice of a daemon per QEMU, or a daemon per host in a well-known
location. Unprivileged libvirtd would always use the latter; for
privileged libvirtd it is implementation-defined. I like it.
<reservations> with an inner <source> always gives a daemon per host in
a custom location. It can be used by either unprivileged or privileged
libvirtd.
> Now, my question is, in the first case - how should libvirt chose
the
> path? Should it be different for each disk/domain? How is the daemon
> started in the first place - should libvirt start it? And when should
> libvirt kill it?
The core question is one daemon per QEMU, or one daemon per host. I'd be
more inclined to have one daemon per QEMU so we always have isolation
and thus do't have to worry about a shared daemon being a potential
attack point between distinct QEMU's.
One daemon per QEMU is nicer IMO because it lets us do MCS. Of course
one daemon per QEMU can only apply to system libvirtd; session must use
one daemon per host.
One daemon per host is easy, because it's just a couple new command-line
options as far as libvirtd is concerned, but we need to check that it
works well with MCS.
If one daemon per host, then for privileged libvirtd, we should make
sure
the daemon ships with a systemd unit file + socket activation file, then
we have a well-known cross-distro standardized socket path.
Ok, then I will send a patch for upstream QEMU that adds the Fedora
systemd unit files to contrib/. They are useful anyway.
Thanks,
Paolo
If one daemon per QEMU, then we should just put the socket in the
VM's
private dir under /var/run/libvirt/qemu/$GUEST/