Re: [libvirt] [sandbox PATCH v2 11/19] Image: Add run function

On Mon, 2015-08-10 at 17:19 +0100, Daniel P. Berrange wrote: > On Mon, Aug 10, 2015 at 05:16:19PM +0100, Daniel P. Berrange wrote: > > On Tue, Aug 04, 2015 at 08:11:17PM +0000, Eren Yagdiran wrote: > > > Run an already-built template > > > If there is no execution command specified by user, source.get_command will > > > find the command to invoke > > > --- > > > virt-sandbox-image/virt-sandbox-image.py | 24 ++++++++++++++++++++++++ > > > 1 file changed, 24 insertions(+) > > > > > > diff --git a/virt-sandbox-image/virt-sandbox-image.py b/virt-sandbox-image/virt-sandbox-image.py > > > index 4c19fa8..e20ce22 100755 > > > --- a/virt-sandbox-image/virt-sandbox-image.py > > > +++ b/virt-sandbox-image/virt-sandbox-image.py > > > @@ -101,6 +101,30 @@ def check_connect(connectstr): > > > raise ValueError("%s is not supported by Virt-sandbox" %connectstr) > > > return True > > > > > > +def run(args): > > > + try: > > > + if args.connect is not None: > > > + check_connect(args.connect) > > > + source = dynamic_source_loader(args.source) > > > + diskfile,configfile = source.get_disk(name=args.name,path=args.imagepath) > > > + > > > + format = "qcow2" > > > + commandToRun = args.igniter > > > + if commandToRun is None: > > > + commandToRun = source.get_command(configfile) > > > + cmd = ['virt-sandbox'] > > > + if args.connect is not None: > > > + cmd.append("-c") > > > + cmd.append(args.connect) > > > + params = ['-m','host-image:/=%s,format=%s' %(diskfile,format), > > > + '--', > > > + commandToRun] > > > + cmd = cmd + params > > > + subprocess.call(cmd) > > > + > > > + except Exception,e: > > > + print "Run Error %s" % str(e) > > > > This code actually ends up launching a sandbox using the template file as > > the root disk image. This is not good, because we need to be able to run > > multiple instances of the sandbox, all using the same template file. As > > such we need to be able to create a new temporary disk image for each > > sandbox instance, that is an overlay on the main template, an then > > delete this temporary disk at shutdown. > > Or if we make sure / is read-only that would avoid the problem I > mention here. With normal docker toolchain is / read-only by > default, or do they make it writable with a throw-away snapshot ? They have a layer for the container instance, but it isn't thrown-away when the container stops as users can commit the changes in that container's layer to the image template. I think we need to go the separate temporary layer as you mentioned, and have either an automatically computed container name or one defined by the user: with that we should have clean separation for all instances.