On 11/01/2013 07:42 AM, Eric Blake wrote:
On 11/01/2013 08:31 AM, Michael Chapman wrote:
> As I mentioned before, without that QEMU will implicitly try to
> find a system ceph.conf file using a built-in librados search path.
> Would this actually be backwards-incompatible change given it was never
> documented by libvirt?
The old behavior is broken, so we can bill this as a bug fix
(previously, qemu would behave differently than what the XML defined,
which is not supposed to happen) rather than a backwards-incompatible
change. Can you propose a patch in time for inclusion in 1.1.4?
This will break OpenStack's usage of libvirt + rbd in Grizzly and
earlier releases, which relied on loading ceph.conf for the monitor
addresses. This is fixed in OpenStack Havana, but I wanted to note that
applications are relying on this behavior.
Passing conf=/dev/null removes the last remaining way of specifying
arbitrary ceph options for rbd devices, which is backwards-incompatible
in some setups even with well-behaved applications.
In general it may break setups using non-default options that libvirt
is not aware of. For example, ceph has an option to require messages
to be signed. This is off by default for backwards compatibility with
older ceph clients, but it can be enabled for qemu right now by adding
an option to /etc/ceph/ceph.conf. If libvirt passes conf=/dev/null,
guests are less secure since they may get their data from an untrusted
source that does not sign messages.
Ceph is a fast-moving complex project, and there are many options (and
will be more in the future) that affect security, performance tuning,
run-time introspection, logging, etc. I don't think libvirt should
remove the ability to configure these settings without having a way to
add them via xml. It doesn't seem feasible to make libvirt (and all
applications using it) aware of all existing and new options,
especially since many of them are quite ceph-specific.
Instead, I'd like to propose a mechanism for passing through generic
key/value pairs to configure block devices. Concretely, this could be
something like:
<disk type='network'>
<driver name='qemu' type='raw' cache='writeback'/>
<source protocol='rbd' name='pool/image'>
<host name='mon1.example.org'/>
<option name="cephx require signatures" value="true"/>
<option name="rbd cache size" value="131768"/>
<option name="rbd cache max dirty" value="131768"/>
<option name="rbd cache max dirty age" value="1.5"/>
<option name="rbd balance snap reads" value="true"/>
<option name="debug ms" value="0/0"/>
<option name="debug auth" value="0/0"/>
<option name="debug rados" value="0/0"/>
</source>
</disk>
I don't care about the particular format, just that there's a way to
set these kinds of settings. It's much easier for users of libvirt
and ceph if these are treated as opaque strings by libvirt, since
they can ugrade ceph and use new options without upgrading libvirt
and any applications using it as well. I'm happy to provide patches
if this approach is acceptable.
Josh