On Mon, Jan 19, 2009 at 12:15:14PM +0000, Richard W.M. Jones wrote:
I was just looking at the new vmchannel feature in QEMU and was
wondering if we could make this available in libvirt.
Firstly, since there isn't much documentation, I should explain how
vmchannel works:
[1] You pass an extra parameter on the qemu command line:
qemu [...] -vmchannel <port>:<dev>
where <port> is the TCP port number (see below) and <dev> is
a standard qemu device description. As an example:
qemu [...] -vmchannel 600:unix:/some/path
AFAIK this support is not yet merged in upstream QEMU and the syntax
is still being debated. It'll be something along these lines, a hybrid
of the -net and -serial syntaxes - the -net bit relating to the guest
device config, and the -serial bit relating the host side config which
is hooked into char devices. It has already gone through 3 completely
different schemes, so until it is merged in QEMU I'd be wary of committing
to support it in libvirt.
My plan to implement this would be to add a new network interface
type
to the domain XML:
<interface type='vmchannel'>
<source port='600'/>
<target path='/some/path'/>
</interface>
Only Unix domain socket paths would be allowed on the host side, and
the path would be expected to exist already with suitable permissions.
I don't think this should be overloading the 'interface' XML format,
rather re-use the character device syntax which will allow full range
of host side configs rather than restricting to UNIX domain sockets.
http://libvirt.org/formatdomain.html#elementsConsole
eg, we have 'console', 'serial', 'parallel' and
'vmchannel' all with
a common set of child elements - the target port conveniently maps
to the VMchannel port number
<vmchannel type='unix'>
<source mode="bind" path="/tmp/foo"/>
<target port="600"/>
</serial>
As an example of using of a non-UNIX domain socket option, consider a
syslog server in guest configured to log via a vmchannel port 700
<vmchannel type='file'>
<source path="/var/log/vm/vm-serial.log"/>
<target port="1"/>
</vmchannel>
Note that I think this would also allow guests to communicate with
the
libvirtd on the host (not by default, of course, but if users wanted
to configure it that way), for example:
<interface type='vmchannel'>
<source port='600'/>
<target path='/var/run/libvirt/libvirt-sock'/>
</interface>
A rather scary config until we get fine grained mandatory access control
on the public API calls :-) NB, currently this wouldn't work in most
systems because this will cause it to try to do PolicyKit auth on the
client and be denied since the client isn't in the desktop session.
One problem is that it is qemu/kvm-only. It is built on top of
virtio, and virtio is meant to become a standard driver subsystem for
all full virtualization systems.
I don't see that as a problem for libvirt itself since we're not the ones
who want to use it - we're merely providing the mechanism. So i've no
problem adding vmchannel support to libvirt even if its only impl for
QEMU/KVM. If applications/users of it find that they really badly need it
for Xen too, then someone will step up to impl it.
Daniel
--
|: Red Hat, Engineering, London -o-
http://people.redhat.com/berrange/ :|
|:
http://libvirt.org -o-
http://virt-manager.org -o-
http://ovirt.org :|
|:
http://autobuild.org -o-
http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|