8:16 a.m.
Hello,
in the company I work for, we use openvz and qemu/kvm on our clusters side-by-side. To
manage our domains, we used libvirt/qemu for qemu/kvm domains and vz tools for openvz
domains in the past. This was very inconvinient since the management differed in many
ways. So we have decided to unify our management and use libvirt exclusively. Since the
openvz driver already included in libvirt lacks features that need, we have implemented a
new libvirt backend driver for openvz called the bossonvz driver.
Unlike the openvz driver, bossonvz is a complete, feature-rich stateful libvirt driver. It
uses the libvirt driver API exclusively and communicates with the kernel directly, much
like the LXC driver. The code is hugely inspired by the LXC driver and the Qemu driver,
but adds a bit of functionality to the libvirt core too. More details and the source code
can be found at
http://bossonvz.bosson.eu/
The driver is completely independent of vz tools, it needs only a running vz kernel. One
of the things, we are most proud of, is the possibility to access the domain's tty via
VNC (hurray to uniform management web interfaces).
Since the code was developed in-house (primarily for internal purposes), it is based on an
older libvirt release (1.1.2). There are also some modifications to the libvirt core
(virCommand) and the domain file (mount options syntax) which might need some redesign.
At the moment I would like to get some feedback on the driver. In the future, I would like
to see the driver merged upstream, and am prepared to do the work but I need to know if
there is any interest in doing so.
--
Cluster Design, s.r.o.
10:51 p.m.
On Fri, Jun 27, 2014 at 03:16:51PM +0200, Bosson VZ wrote:
Hello,
Hello,
first small rule here, trust is build on persons like most open source
projects, so please change your email, I want to communicate with a person
not with the name of a company.
in the company I work for, we use openvz and qemu/kvm on our
clusters
side-by-side. To manage our domains, we used libvirt/qemu for qemu/kvm
domains and vz tools for openvz domains in the past. This was very
inconvinient since the management differed in many ways. So we have
decided to unify our management and use libvirt exclusively. Since the
openvz driver already included in libvirt lacks features that need,
we have implemented a new libvirt backend driver for openvz called the
bossonvz driver.
it's true that the openvz diver is lagging behind a bit, I didn't see
any real update since 2012. That wouldn't be the first time that we have
multiple drivers for a given hypervisor, Xen is a precedent at least,
though that's not a perfect situation as it dilutes manpower to maintain
drivers for the hypervisor.
Unlike the openvz driver, bossonvz is a complete, feature-rich
stateful libvirt driver. It uses the libvirt driver API exclusively and
communicates with the kernel directly, much like the LXC driver. The
code is hugely inspired by the LXC driver and the Qemu driver, but adds
a bit of functionality to the libvirt core too. More details and the
source code can be found at
http://bossonvz.bosson.eu/
The driver is completely independent of vz tools, it needs only a running vz kernel. One
of the things, we are most proud of, is the possibility to access the domain's tty via
VNC (hurray to uniform management web interfaces).
Since the code was developed in-house (primarily for internal purposes),
it is based on an older libvirt release (1.1.2). There are also some
modifications to the libvirt core (virCommand) and the domain file
(mount options syntax) which might need some redesign.
At the moment I would like to get some feedback on the driver. In the future, I would
like to see the driver merged upstream, and am prepared to do the work but I need to know
if there is any interest in doing so.
The proper way to get feedback on the driver is:
1/ rebase your code to the current version, there is nothing we
can do with a patch for 1.1.2
2/ split the changes logically, nobody will review a 44312 line
patch, remove garbage from diffing generated files like configure
3/ submit the patches on this list for review, each patch having
details about what it does, etc ... best manage all this with
git on a branch from the upstream or you will be mad very quickly
see how other does, that's standard practice and if you're not
familiar with it, learning it won't be a lot time really.
4/ you will need to add patches adding documentation, no doc, no
upstream :)
If you think it's too much, then don't bother because we will need
commitment to maintaining the driver over the years, and the sum of
the work will be even larger than those initial steps. What you gain
in exchange is integration in upstream, easier maintainance, easier
rebase and recognition in the community.
Makes sense ?
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
7:37 a.m.
Helo Daniel,
thanks for the initial tips. I have submitted a new (more personal) email so within a few
days all should be settled.
To the feedback. I did not expect anything less than a request for a batch of smaller git
patches. My first post here was merely to raise some public awareness of the driver and
this seemed like a logical place where the information should go. I also wanted to know if
I should even try to do the preparatory work for the patches considering there is already
another OpenVZ driver included in libvirt.
I will try to prepare some initial patches next week or so to test the proper way the code
should flow upstream.
--
David Fabian
Cluster Desgin, s.r.o.
Dne Po 30. června 2014 11:51:20, Daniel Veillard napsal(a):
On Fri, Jun 27, 2014 at 03:16:51PM +0200, Bosson VZ wrote:
> Hello,
Hello,
first small rule here, trust is build on persons like most open source
projects, so please change your email, I want to communicate with a person
not with the name of a company.
> in the company I work for, we use openvz and qemu/kvm on our clusters
> side-by-side. To manage our domains, we used libvirt/qemu for qemu/kvm
> domains and vz tools for openvz domains in the past. This was very
> inconvinient since the management differed in many ways. So we have
> decided to unify our management and use libvirt exclusively. Since the
> openvz driver already included in libvirt lacks features that need,
> we have implemented a new libvirt backend driver for openvz called the
> bossonvz driver.
it's true that the openvz diver is lagging behind a bit, I didn't see
any real update since 2012. That wouldn't be the first time that we have
multiple drivers for a given hypervisor, Xen is a precedent at least,
though that's not a perfect situation as it dilutes manpower to maintain
drivers for the hypervisor.
> Unlike the openvz driver, bossonvz is a complete, feature-rich
> stateful libvirt driver. It uses the libvirt driver API exclusively and
> communicates with the kernel directly, much like the LXC driver. The
> code is hugely inspired by the LXC driver and the Qemu driver, but adds
> a bit of functionality to the libvirt core too. More details and the
> source code can be found at
>
> http://bossonvz.bosson.eu/
>
> The driver is completely independent of vz tools, it needs only a running vz kernel.
One of the things, we are most proud of, is the possibility to access the domain's tty
via VNC (hurray to uniform management web interfaces).
>
> Since the code was developed in-house (primarily for internal purposes),
> it is based on an older libvirt release (1.1.2). There are also some
> modifications to the libvirt core (virCommand) and the domain file
> (mount options syntax) which might need some redesign.
>
> At the moment I would like to get some feedback on the driver. In the future, I
would like to see the driver merged upstream, and am prepared to do the work but I need to
know if there is any interest in doing so.
The proper way to get feedback on the driver is:
1/ rebase your code to the current version, there is nothing we
can do with a patch for 1.1.2
2/ split the changes logically, nobody will review a 44312 line
patch, remove garbage from diffing generated files like configure
3/ submit the patches on this list for review, each patch having
details about what it does, etc ... best manage all this with
git on a branch from the upstream or you will be mad very quickly
see how other does, that's standard practice and if you're not
familiar with it, learning it won't be a lot time really.
4/ you will need to add patches adding documentation, no doc, no
upstream :)
If you think it's too much, then don't bother because we will need
commitment to maintaining the driver over the years, and the sum of
the work will be even larger than those initial steps. What you gain
in exchange is integration in upstream, easier maintainance, easier
rebase and recognition in the community.
Makes sense ?
Daniel
7:55 a.m.
Hi David,
I think it's worth checking also if the technical approach used
by thr driver will be compatible with current and future versions,
not sure how much Parallels want to certify their current API/ABI
kernel wise. Historically libvirt was started because we had similar
issues with Xen at the time, so definitely something to check out
to estimate the cost of maintaining the driver long term :)
thanks,
Daniel
On Tue, Jul 01, 2014 at 02:37:49PM +0200, Bosson VZ wrote:
Helo Daniel,
thanks for the initial tips. I have submitted a new (more personal) email so within a few
days all should be settled.
To the feedback. I did not expect anything less than a request for a batch of smaller git
patches. My first post here was merely to raise some public awareness of the driver and
this seemed like a logical place where the information should go. I also wanted to know if
I should even try to do the preparatory work for the patches considering there is already
another OpenVZ driver included in libvirt.
I will try to prepare some initial patches next week or so to test the proper way the
code should flow upstream.
--
David Fabian
Cluster Desgin, s.r.o.
Dne Po 30. června 2014 11:51:20, Daniel Veillard napsal(a):
> On Fri, Jun 27, 2014 at 03:16:51PM +0200, Bosson VZ wrote:
> > Hello,
>
> Hello,
>
> first small rule here, trust is build on persons like most open source
> projects, so please change your email, I want to communicate with a person
> not with the name of a company.
>
> > in the company I work for, we use openvz and qemu/kvm on our clusters
> > side-by-side. To manage our domains, we used libvirt/qemu for qemu/kvm
> > domains and vz tools for openvz domains in the past. This was very
> > inconvinient since the management differed in many ways. So we have
> > decided to unify our management and use libvirt exclusively. Since the
> > openvz driver already included in libvirt lacks features that need,
> > we have implemented a new libvirt backend driver for openvz called the
> > bossonvz driver.
>
> it's true that the openvz diver is lagging behind a bit, I didn't see
> any real update since 2012. That wouldn't be the first time that we have
> multiple drivers for a given hypervisor, Xen is a precedent at least,
> though that's not a perfect situation as it dilutes manpower to maintain
> drivers for the hypervisor.
>
> > Unlike the openvz driver, bossonvz is a complete, feature-rich
> > stateful libvirt driver. It uses the libvirt driver API exclusively and
> > communicates with the kernel directly, much like the LXC driver. The
> > code is hugely inspired by the LXC driver and the Qemu driver, but adds
> > a bit of functionality to the libvirt core too. More details and the
> > source code can be found at
> >
> > http://bossonvz.bosson.eu/
> >
> > The driver is completely independent of vz tools, it needs only a running vz
kernel. One of the things, we are most proud of, is the possibility to access the
domain's tty via VNC (hurray to uniform management web interfaces).
> >
> > Since the code was developed in-house (primarily for internal purposes),
> > it is based on an older libvirt release (1.1.2). There are also some
> > modifications to the libvirt core (virCommand) and the domain file
> > (mount options syntax) which might need some redesign.
> >
> > At the moment I would like to get some feedback on the driver. In the future, I
would like to see the driver merged upstream, and am prepared to do the work but I need to
know if there is any interest in doing so.
>
> The proper way to get feedback on the driver is:
> 1/ rebase your code to the current version, there is nothing we
> can do with a patch for 1.1.2
> 2/ split the changes logically, nobody will review a 44312 line
> patch, remove garbage from diffing generated files like configure
> 3/ submit the patches on this list for review, each patch having
> details about what it does, etc ... best manage all this with
> git on a branch from the upstream or you will be mad very quickly
> see how other does, that's standard practice and if you're not
> familiar with it, learning it won't be a lot time really.
> 4/ you will need to add patches adding documentation, no doc, no
> upstream :)
>
> If you think it's too much, then don't bother because we will need
> commitment to maintaining the driver over the years, and the sum of
> the work will be even larger than those initial steps. What you gain
> in exchange is integration in upstream, easier maintainance, easier
> rebase and recognition in the community.
>
> Makes sense ?
>
> Daniel
>
>
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
4:31 a.m.
On Fri, Jun 27, 2014 at 03:16:51PM +0200, Bosson VZ wrote:
Hello,
in the company I work for, we use openvz and qemu/kvm on our clusters
side-by-side. To manage our domains, we used libvirt/qemu for qemu/kvm
domains and vz tools for openvz domains in the past. This was very
inconvinient since the management differed in many ways. So we have
decided to unify our management and use libvirt exclusively. Since the
openvz driver already included in libvirt lacks features that need, we
have implemented a new libvirt backend driver for openvz called the
bossonvz driver.
Are there any particular reasons why you were unable to extend the
existing openvz driver to do what you needed ? I know openvz driver
has been mostly unmaintained and its code isn't too pleasant, but
it'd still be nice to know what show-stopper problems you saw with
using it as a base for more work.
Unlike the openvz driver, bossonvz is a complete, feature-rich
stateful
libvirt driver. It uses the libvirt driver API exclusively and
communicates with the kernel directly, much like the LXC driver. The
code is hugely inspired by the LXC driver and the Qemu driver, but adds
a bit of functionality to the libvirt core too. More details and the
source code can be found at
http://bossonvz.bosson.eu/
The driver is completely independent of vz tools, it needs only a
running vz kernel.
That's very interesting. Do you know if there is any statement of
support for the OpenVZ kernel <-> userspace API. I know the mainline
kernel aims to maintain userspace API compatibility, but are all the
custom additions that the OpenVZ fork has maintained in a compatible
manner as OpenVZ provides new versions ?
eg is there any significant risk that when a new OpenVZ release
comes out, kernel changes might break this new driver, or are they
careful to maintain compat for the mgmt layer ?
Also is there interoperability between this driver and the openvz
tools. eg if openvz tools launch a guest, can it be seen and managed
by this driver, and vica-verca ? Or are they completely separate
views and non-interacting ?
One of the things, we are most proud of, is the
possibility to access the domain's tty via VNC (hurray to uniform
management web interfaces).
That's nice - care to elaborate on the technical architecture
of this ? Presumably when you say 'tty' you mean the VNC is just
a frontend to the text-mode console, it isn't providing any kind
of virtualized graphical framebuffer. Is this VNC support you
have part of the libvirt patches, or a standalone component that
just interacts with it ?
Basically I'm wondering whether this VNC support is something we
can leverage in the LXC driver too ?
Since the code was developed in-house (primarily for internal
purposes), it is based on an older libvirt release (1.1.2). There
are also some modifications to the libvirt core (virCommand) and
the domain file (mount options syntax) which might need some
redesign.
At the moment I would like to get some feedback on the driver. In
the future, I would like to see the driver merged upstream, and
am prepared to do the work but I need to know if there is any
interest in doing so.
As you've probably already figured out, we generally welcome support for
new virtualization drivers. The two big questions to me are
- Are you able to provide ongoing maintaince and development of
this driver for the future ? We're already suffering from a lack
of people able to maintain the existing openvz driver and the
related parallels isn't too active either. Basically we'd like
to see a commitment to be an active maintainer of the code.
- What do you see as the long term future of the driver ? I've
already asked whether there's any risk from future OpenVZ releases
potentially breaking things. Historically the idea with the kernel's
namespace support was that the OpenVZ forked kernel would be able
to go away. IIUC, the openvz userspace can already run on top of a
plain mainline kernel, albeit with reduced features compared to when
it runs on openvz kernel fork. If we assume the trend of merging
OpenVZ features into mainline continues, we might get to a point
where OpenVZ kernel fork no longer exists. At that point I wonder
what would be the compelling differences between BossonVZ and the
LXC driver ? ie why would we benefit from 2 container drivers for
the same kernel functionality.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
8:39 a.m.
On Mon, Jun 30, 2014 at 10:31:26AM +0100, Daniel P. Berrange wrote:
On Fri, Jun 27, 2014 at 03:16:51PM +0200, Bosson VZ wrote:
[...]
- What do you see as the long term future of the driver ? I've
already asked whether there's any risk from future OpenVZ releases
potentially breaking things. Historically the idea with the kernel's
namespace support was that the OpenVZ forked kernel would be able
to go away. IIUC, the openvz userspace can already run on top of a
plain mainline kernel, albeit with reduced features compared to when
it runs on openvz kernel fork. If we assume the trend of merging
OpenVZ features into mainline continues, we might get to a point
where OpenVZ kernel fork no longer exists. At that point I wonder
what would be the compelling differences between BossonVZ and the
LXC driver ? ie why would we benefit from 2 container drivers for
the same kernel functionality.
Good point !
My recollection of talking with James Bottomley is indeed that all
the special features are being migrated as part of the commonly agreed
upon set of kernel primitives put in the kernel for containers. So I hope
that this driver will indeed work based on those primitives and not
the Parallels specific extensions, as those may vanish sooner or later.
What kernels do you support, only CentOS-6 modified ones ?
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
10:43 a.m.
Pavel and James to CC
On 30/06/14 17:39, "Daniel Veillard" <veillard(a)redhat.com> wrote:
On Mon, Jun 30, 2014 at 10:31:26AM +0100, Daniel P. Berrange wrote:
> On Fri, Jun 27, 2014 at 03:16:51PM +0200, Bosson VZ wrote:
[...]
> - What do you see as the long term future of the driver ? I've
> already asked whether there's any risk from future OpenVZ releases
> potentially breaking things. Historically the idea with the kernel's
> namespace support was that the OpenVZ forked kernel would be able
> to go away. IIUC, the openvz userspace can already run on top of a
> plain mainline kernel, albeit with reduced features compared to when
> it runs on openvz kernel fork. If we assume the trend of merging
> OpenVZ features into mainline continues, we might get to a point
> where OpenVZ kernel fork no longer exists. At that point I wonder
> what would be the compelling differences between BossonVZ and the
> LXC driver ? ie why would we benefit from 2 container drivers for
> the same kernel functionality.
Good point !
My recollection of talking with James Bottomley is indeed that all
the special features are being migrated as part of the commonly agreed
upon set of kernel primitives put in the kernel for containers. So I hope
that this driver will indeed work based on those primitives and not
the Parallels specific extensions, as those may vanish sooner or later.
What kernels do you support, only CentOS-6 modified ones ?
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
10:52 a.m.
On 07/01/2014 07:43 PM, Dmitry Mishin wrote:
Pavel and James to CC
On 30/06/14 17:39, "Daniel Veillard" <veillard(a)redhat.com> wrote:
> On Mon, Jun 30, 2014 at 10:31:26AM +0100, Daniel P. Berrange wrote:
>> On Fri, Jun 27, 2014 at 03:16:51PM +0200, Bosson VZ wrote:
> [...]
>> - What do you see as the long term future of the driver ? I've
>> already asked whether there's any risk from future OpenVZ releases
>> potentially breaking things. Historically the idea with the kernel's
>> namespace support was that the OpenVZ forked kernel would be able
>> to go away. IIUC, the openvz userspace can already run on top of a
>> plain mainline kernel, albeit with reduced features compared to when
>> it runs on openvz kernel fork. If we assume the trend of merging
>> OpenVZ features into mainline continues, we might get to a point
>> where OpenVZ kernel fork no longer exists. At that point I wonder
>> what would be the compelling differences between BossonVZ and the
>> LXC driver ? ie why would we benefit from 2 container drivers for
>> the same kernel functionality.
>
> Good point !
>
> My recollection of talking with James Bottomley is indeed that all
> the special features are being migrated as part of the commonly agreed
> upon set of kernel primitives put in the kernel for containers. So I hope
> that this driver will indeed work based on those primitives and not
> the Parallels specific extensions, as those may vanish sooner or later.
First of all -- great Thanks to the Bosson team for this work :)
Unfortunately, I must say that our plan is to deprecate the OpenVZ kernel API
for containers eventually. Current plan is the API for OpenVZ and PCS products
would be the PCS SDK (the GPL-compatible version will be announced soon) and
the libcontainer project.
Thanks,
Pavel
7:15 a.m.
Thanks in return for the acknowledgement.
I understand that the long-term plan is to reduce the size of the vzkernel patch and to
only use vanilla kernel primitives Daniel was talking about. That would be an ideal
situation. The thing is that we simply cannot wait for this merge to happen. We have been
using OpenVZ for many years and bossonvz is just a convenient tool for us right now and,
at least, in the mid-term future. My question is how is the new libcontainer/PCS SDK
library going to influence the existing vz-tools eco-system?
--
David Fabian
Cluster Design, s.r.o.
Dne Út 1. července 2014 19:52:28, Pavel Emelyanov napsal(a):
On 07/01/2014 07:43 PM, Dmitry Mishin wrote:
> Pavel and James to CC
>
> On 30/06/14 17:39, "Daniel Veillard" <veillard(a)redhat.com> wrote:
>
>> On Mon, Jun 30, 2014 at 10:31:26AM +0100, Daniel P. Berrange wrote:
>>> On Fri, Jun 27, 2014 at 03:16:51PM +0200, Bosson VZ wrote:
>> [...]
>>> - What do you see as the long term future of the driver ? I've
>>> already asked whether there's any risk from future OpenVZ releases
>>> potentially breaking things. Historically the idea with the kernel's
>>> namespace support was that the OpenVZ forked kernel would be able
>>> to go away. IIUC, the openvz userspace can already run on top of a
>>> plain mainline kernel, albeit with reduced features compared to when
>>> it runs on openvz kernel fork. If we assume the trend of merging
>>> OpenVZ features into mainline continues, we might get to a point
>>> where OpenVZ kernel fork no longer exists. At that point I wonder
>>> what would be the compelling differences between BossonVZ and the
>>> LXC driver ? ie why would we benefit from 2 container drivers for
>>> the same kernel functionality.
>>
>> Good point !
>>
>> My recollection of talking with James Bottomley is indeed that all
>> the special features are being migrated as part of the commonly agreed
>> upon set of kernel primitives put in the kernel for containers. So I hope
>> that this driver will indeed work based on those primitives and not
>> the Parallels specific extensions, as those may vanish sooner or later.
First of all -- great Thanks to the Bosson team for this work :)
Unfortunately, I must say that our plan is to deprecate the OpenVZ kernel API
for containers eventually. Current plan is the API for OpenVZ and PCS products
would be the PCS SDK (the GPL-compatible version will be announced soon) and
the libcontainer project.
Thanks,
Pavel
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
10:41 a.m.
On 07/02/2014 04:15 PM, Bosson VZ wrote:
Thanks in return for the acknowledgement.
I understand that the long-term plan is to reduce the size of the vzkernel patch and to
only use vanilla kernel primitives Daniel was talking about. That would be an ideal
situation.
Yes, at the kernel level the long term plan is to eventually
get rid of vz-specific API and switch to namespaces/cgroups
completely. Thus any new users that sit on the vzkernel API
make this process ... harder :)
The thing is that we simply cannot wait for this merge to happen. We
have been using OpenVZ
for many years and bossonvz is just a convenient tool for us right now and, at least, in
the
mid-term future. My question is how is the new libcontainer/PCS SDK library going to
influence
the existing vz-tools eco-system?
We will keep the CLI (vzctl) and library (libvzctl) working on
new OpenVZ installations for some time (several years, I suppose)
by making them properly redirect calls to new API.
But all the new features will be implemented within the new API,
libcontainer/PCS SDK.
Thanks,
Pavel
6:49 a.m.
Fair enough. We have no problem to adapt to the new process. I don't know how
libcontainer is designed internally and how low-level it is but having a thin user-space
wrapper around the vzkernel would be wonderful. I wanted to use libvzctl in bossonvz to
abstract the driver away from the low-level stuff but the library is just too much
interconnected with the veconf parser.
The current vz kernel API is not the nicest thing to work with to be honest and a shared
user-space library would help both vzctl and bossonvz. If you are interested in my POV on
the kernel API, I would say you should leave more work for the user-space. At the moment,
when the user-space asks for a new container, the vzkernel magically creates a new
environment and sets everything (esp. cgroups) by itself without any chance for the
user-space to set anything. Because libvirt has its own cgroup hierarchy model and any
libvirt driver should honor it, bossonvz should, idealy, create cgroups for the container
under the libvirt hierarchy but it cannot since the kernel won't let it.
As I see it, the driver has to do two separate things to successfully use the kernel API.
There are the vz specific syscalls/ioctls (e.g. VZCTL_ENV_CREATE_DATA) and there is a
preparatory work done in the user-space (preparing forked sub-processes, pipes, etc.). Is
the new SDK going to cover only the low-level code (ioctls) or will I be able to use some
sort of a high-level function like spawn_environment() and get PID of the newly created
container's init?
The amount of vz specific code in the bossonvz driver is not that big. The ioctls is just
a single bossonvz_environment.c file. The harder part is the preparatory part which is
located in bossonvz_container.c and is quite complex since it closely mimics the code path
of vzctl (otherwise the driver would not work).
--
David Fabian
Cluster Design, s.r.o.
Dne St 2. července 2014 19:41:15, Pavel Emelyanov napsal(a):
On 07/02/2014 04:15 PM, Bosson VZ wrote:
> Thanks in return for the acknowledgement.
>
>
>
> I understand that the long-term plan is to reduce the size of the vzkernel patch and
to
> only use vanilla kernel primitives Daniel was talking about. That would be an ideal
situation.
Yes, at the kernel level the long term plan is to eventually
get rid of vz-specific API and switch to namespaces/cgroups
completely. Thus any new users that sit on the vzkernel API
make this process ... harder :)
> The thing is that we simply cannot wait for this merge to happen. We have been using
OpenVZ
> for many years and bossonvz is just a convenient tool for us right now and, at
least, in the
> mid-term future. My question is how is the new libcontainer/PCS SDK library going to
influence
> the existing vz-tools eco-system?
We will keep the CLI (vzctl) and library (libvzctl) working on
new OpenVZ installations for some time (several years, I suppose)
by making them properly redirect calls to new API.
But all the new features will be implemented within the new API,
libcontainer/PCS SDK.
Thanks,
Pavel
2:17 p.m.
On 07/03/2014 03:49 PM, Bosson VZ wrote:
Fair enough. We have no problem to adapt to the new process. I
don't know how libcontainer is designed
internally and how low-level it is but having a thin user-space wrapper around the
vzkernel would be wonderful.
Here's the preliminary version of it will look like: https://github.com/xemul/libct/
The API would get slightly shuffled to fit more the
https://github.com/docker/libcontainer/pull/28
I wanted to use libvzctl in bossonvz to abstract the driver away from
the low-level stuff but the library
is just too much interconnected with the veconf parser.
Well, the libcontainer API is not going to mess with configs at all. Everything
will be run-time.
The current vz kernel API is not the nicest thing to work with to be
honest and a shared user-space library
would help both vzctl and bossonvz. If you are interested in my POV on the kernel API, I
would say you
should leave more work for the user-space. At the moment, when the user-space asks for a
new container,
the vzkernel magically creates a new environment and sets everything (esp. cgroups) by
itself without any
chance for the user-space to set anything. Because libvirt has its own cgroup hierarchy
model and any
libvirt driver should honor it, bossonvz should, idealy, create cgroups for the container
under the libvirt
hierarchy but it cannot since the kernel won't let it.
Yes, this is our 15-years-old API that was kept compatible with tools. Soon after
we started merging containers upstream we started the process of its deprecation,
and in the upcoming Rhel7-based kernel we're very close to the goal.
As I see it, the driver has to do two separate things to successfully
use the kernel API. There are the
vz specific syscalls/ioctls (e.g. VZCTL_ENV_CREATE_DATA) and there is a preparatory work
done in the
user-space (preparing forked sub-processes, pipes, etc.). Is the new SDK going to cover
only the low-level
code (ioctls) or will I be able to use some sort of a high-level function like
spawn_environment() and get
PID of the newly created container's init?
The SDK is going to be quite high-level, and more sophisticated than existing libvzctl.
The libcontainer is going to be low-level but still more abstract than the kernel API.
The amount of vz specific code in the bossonvz driver is not that
big. The ioctls is just a single
bossonvz_environment.c file. The harder part is the preparatory part which is located in
bossonvz_container.c
and is quite complex since it closely mimics the code path of vzctl (otherwise the driver
would not work).
It's interesting. Can you point out where you code is?
And, btw, I think you would be interested in taking part in libcontainer
design, discussions and development. The link above is the place where we
try to settle down the new API and you're welcome to join :)
Thanks,
Pavel
9:21 a.m.
--
David Fabian
Cluster Design, s.r.o.
Dne Čt 3. července 2014 23:17:12, Pavel Emelyanov napsal(a):
On 07/03/2014 03:49 PM, Bosson VZ wrote:
> Fair enough. We have no problem to adapt to the new process. I don't know how
libcontainer is designed
> internally and how low-level it is but having a thin user-space wrapper around the
vzkernel would be wonderful.
Here's the preliminary version of it will look like: https://github.com/xemul/libct/
The API would get slightly shuffled to fit more the
https://github.com/docker/libcontainer/pull/28
> I wanted to use libvzctl in bossonvz to abstract the driver away from the low-level
stuff but the library
> is just too much interconnected with the veconf parser.
Well, the libcontainer API is not going to mess with configs at all. Everything
will be run-time.
> The current vz kernel API is not the nicest thing to work with to be honest and a
shared user-space library
> would help both vzctl and bossonvz. If you are interested in my POV on the kernel
API, I would say you
> should leave more work for the user-space. At the moment, when the user-space asks
for a new container,
> the vzkernel magically creates a new environment and sets everything (esp. cgroups)
by itself without any
> chance for the user-space to set anything. Because libvirt has its own cgroup
hierarchy model and any
> libvirt driver should honor it, bossonvz should, idealy, create cgroups for the
container under the libvirt
> hierarchy but it cannot since the kernel won't let it.
Yes, this is our 15-years-old API that was kept compatible with tools. Soon after
we started merging containers upstream we started the process of its deprecation,
and in the upcoming Rhel7-based kernel we're very close to the goal.
> As I see it, the driver has to do two separate things to successfully use the kernel
API. There are the
> vz specific syscalls/ioctls (e.g. VZCTL_ENV_CREATE_DATA) and there is a preparatory
work done in the
> user-space (preparing forked sub-processes, pipes, etc.). Is the new SDK going to
cover only the low-level
> code (ioctls) or will I be able to use some sort of a high-level function like
spawn_environment() and get
> PID of the newly created container's init?
The SDK is going to be quite high-level, and more sophisticated than existing libvzctl.
The libcontainer is going to be low-level but still more abstract than the kernel API.
> The amount of vz specific code in the bossonvz driver is not that big. The ioctls is
just a single
> bossonvz_environment.c file. The harder part is the preparatory part which is
located in bossonvz_container.c
> and is quite complex since it closely mimics the code path of vzctl (otherwise the
driver would not work).
It's interesting. Can you point out where you code is?
And, btw, I think you would be interested in taking part in libcontainer
design, discussions and development. The link above is the place where we
try to settle down the new API and you're welcome to join :)
Thanks,
Pavel
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
9:28 a.m.
Thanks for the links. I'll definitely check them out.
The source code can be found at bossonvz.bosson.eu. But have in mind that the bossonvz
driver uses only a subset of the vzkernel API. Some vzctl functionality is not implemented
as it was not needed. Backwards compatibility with older vz kernels has also been dropped.
And a lot of the auxiliary code is hidden in libvirt functions (especially virCommand).
Thanks for the invitation. I believe the bossonvz driver could also leverage from that
kind of co-operation.
--
David Fabian
Cluster Design, s.r.o.
Dne Čt 3. července 2014 23:17:12, Pavel Emelyanov napsal(a):
On 07/03/2014 03:49 PM, Bosson VZ wrote:
> Fair enough. We have no problem to adapt to the new process. I don't know how
libcontainer is designed
> internally and how low-level it is but having a thin user-space wrapper around the
vzkernel would be wonderful.
Here's the preliminary version of it will look like: https://github.com/xemul/libct/
The API would get slightly shuffled to fit more the
https://github.com/docker/libcontainer/pull/28
> I wanted to use libvzctl in bossonvz to abstract the driver away from the low-level
stuff but the library
> is just too much interconnected with the veconf parser.
Well, the libcontainer API is not going to mess with configs at all. Everything
will be run-time.
> The current vz kernel API is not the nicest thing to work with to be honest and a
shared user-space library
> would help both vzctl and bossonvz. If you are interested in my POV on the kernel
API, I would say you
> should leave more work for the user-space. At the moment, when the user-space asks
for a new container,
> the vzkernel magically creates a new environment and sets everything (esp. cgroups)
by itself without any
> chance for the user-space to set anything. Because libvirt has its own cgroup
hierarchy model and any
> libvirt driver should honor it, bossonvz should, idealy, create cgroups for the
container under the libvirt
> hierarchy but it cannot since the kernel won't let it.
Yes, this is our 15-years-old API that was kept compatible with tools. Soon after
we started merging containers upstream we started the process of its deprecation,
and in the upcoming Rhel7-based kernel we're very close to the goal.
> As I see it, the driver has to do two separate things to successfully use the kernel
API. There are the
> vz specific syscalls/ioctls (e.g. VZCTL_ENV_CREATE_DATA) and there is a preparatory
work done in the
> user-space (preparing forked sub-processes, pipes, etc.). Is the new SDK going to
cover only the low-level
> code (ioctls) or will I be able to use some sort of a high-level function like
spawn_environment() and get
> PID of the newly created container's init?
The SDK is going to be quite high-level, and more sophisticated than existing libvzctl.
The libcontainer is going to be low-level but still more abstract than the kernel API.
> The amount of vz specific code in the bossonvz driver is not that big. The ioctls is
just a single
> bossonvz_environment.c file. The harder part is the preparatory part which is
located in bossonvz_container.c
> and is quite complex since it closely mimics the code path of vzctl (otherwise the
driver would not work).
It's interesting. Can you point out where you code is?
And, btw, I think you would be interested in taking part in libcontainer
design, discussions and development. The link above is the place where we
try to settle down the new API and you're welcome to join :)
Thanks,
Pavel
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
9:50 a.m.
Hello Daniel,
I have started working on Bossonvz slightly more than a year ago. As far as I remember,
back then I wanted to base my work on top of the existing Openvz libvirt driver but I was
dissappointed by the state of the driver. Our goal was to have a driver that supports
online migration and mount points management and after toying with the openvz driver for a
while we have decided to start from the scratch. Personaly, I also do not like the idea of
domain management by just calling the vz tools binaries and relying on parsing of the
resulting outputs.
The API stability is a very good question. Of course, to circumvent the vz tools and
touching the kernel we had to accept the fact that the kernel API might change in the
future. And it will most definitely do. This is not based on any formal proclamation in
any way but it is true that in a past year I did not have to change my code because of
some incompatibility in the vzkernel API (and I have tested the code with various vz
kernels ranging from 042stab068.8 to 042stab084.26). At the moment, since the vz tools are
the only user of the API, the vz developers can pretty much do whatever they like with the
kernel API. I believe it could be benefitial also to them to have another user of their
API.
The implementations (vztools and bossonvz) are independent but they share the same kernel.
This means that if I start a bossonvz domain, I can use vzlist and I will see the
appropriate container. The opposite does not work that way because bossonvz is a stateful
driver. So if I start a container by using vzctl, I will not see anything with virsh list.
But I would not be able to start a domain with the same veid; libvirt won't let me do
that because the kernel API call fails.
By default, bossonvz also does not touch any vz tools config files (mainly veid.conf), so
various vz tools that rely on the existence of the veid.conf for a running container
(vzctl enter) will refuse to co-operate. This is solved by the bossonvz hook which can
create stub veid.conf files to silence vzctl. After that, it is no problem to access the
domain with vzctl enter (we use it regularly since entering the domain with virsh is not
implemented yet). To sum up, the implementations influence one another to some extent but
neither is necessary for the other and both can run simultaneuosly side-by-side.
One of the goals we would like to reach is to have a uniform management interface for our
clients. It means that the virtualization technology (openvz, qemu/kvm) should be
abstracted away as much as possible. And because all qemu/libvirt management tools allow
the user to see the "screen", we wanted the same for bossonvz.
The implementation is located in bossonvz_vnc_* files. It is a stand-alone binary that is
started as a separate process on the domain's startup by a domain controller (similar
to the LXC domain controller). The VNC server binary opens up a tty device in the
container via a vzkernel API call but instead of passing the IO through to the host pty
device (like the LXC does), it actually intercepts the terminal sequences and renderes
them to a memory frame-buffer (all in user-space). On top of that sits a custom VNC server
implementation that serves the updated chunks to VNC clients. Everything is done in
user-space, no modifications to the upstream vzkernel are necessary. The code heavily uses
the libvirt util functions as well as uthash and some functions from libcrypto.
Since the VNC server runs on the host, it is invisible to the user in the container. If
for some reason the VNC server crashes, the domain controller can start it again without
influencing the state of the domain itself. During migration (or a suspend/resume cycle),
the state of the server is serialized to a file and stored on the domain's root
partition. From there, it is deserialized and loaded when the domain is resumed.
Since there is no dependency on the vzkernel API in the VNC server (apart from opening the
tty device), there shall be no problem to use the code in the LXC driver.
As far as the maintanence is concerned: Our bussinnes is centered around OpenVZ and
Qemu/kvm technologies. Primarly, we are prepared to provide a long-term support of the
bossonvz driver for every RedHat libvirt release and every stable vzkernel release because
we use the driver already in production on RedHat based distros. Had the driver be
accepted to the libvirt master with all the features that we need in the company, we are
ready to provide support there as well.
You are correct that LXC and OpenVZ cover the same thing, container virtualization.
However, until LXC offers the same level of features as OpenVZ provides, we will use our
bossonvz driver in the company.
--
David Fabian
Cluster Design, s.r.o.
Dne Po 30. června 2014 10:31:26, Daniel P. Berrange napsal(a):
On Fri, Jun 27, 2014 at 03:16:51PM +0200, Bosson VZ wrote:
> Hello,
>
> in the company I work for, we use openvz and qemu/kvm on our clusters
> side-by-side. To manage our domains, we used libvirt/qemu for qemu/kvm
> domains and vz tools for openvz domains in the past. This was very
> inconvinient since the management differed in many ways. So we have
> decided to unify our management and use libvirt exclusively. Since the
> openvz driver already included in libvirt lacks features that need, we
> have implemented a new libvirt backend driver for openvz called the
> bossonvz driver.
Are there any particular reasons why you were unable to extend the
existing openvz driver to do what you needed ? I know openvz driver
has been mostly unmaintained and its code isn't too pleasant, but
it'd still be nice to know what show-stopper problems you saw with
using it as a base for more work.
> Unlike the openvz driver, bossonvz is a complete, feature-rich stateful
> libvirt driver. It uses the libvirt driver API exclusively and
> communicates with the kernel directly, much like the LXC driver. The
> code is hugely inspired by the LXC driver and the Qemu driver, but adds
> a bit of functionality to the libvirt core too. More details and the
> source code can be found at
>
> http://bossonvz.bosson.eu/
>
> The driver is completely independent of vz tools, it needs only a
> running vz kernel.
That's very interesting. Do you know if there is any statement of
support for the OpenVZ kernel <-> userspace API. I know the mainline
kernel aims to maintain userspace API compatibility, but are all the
custom additions that the OpenVZ fork has maintained in a compatible
manner as OpenVZ provides new versions ?
eg is there any significant risk that when a new OpenVZ release
comes out, kernel changes might break this new driver, or are they
careful to maintain compat for the mgmt layer ?
Also is there interoperability between this driver and the openvz
tools. eg if openvz tools launch a guest, can it be seen and managed
by this driver, and vica-verca ? Or are they completely separate
views and non-interacting ?
> One of the things, we are most proud of, is the
> possibility to access the domain's tty via VNC (hurray to uniform
> management web interfaces).
That's nice - care to elaborate on the technical architecture
of this ? Presumably when you say 'tty' you mean the VNC is just
a frontend to the text-mode console, it isn't providing any kind
of virtualized graphical framebuffer. Is this VNC support you
have part of the libvirt patches, or a standalone component that
just interacts with it ?
Basically I'm wondering whether this VNC support is something we
can leverage in the LXC driver too ?
> Since the code was developed in-house (primarily for internal
> purposes), it is based on an older libvirt release (1.1.2). There
> are also some modifications to the libvirt core (virCommand) and
> the domain file (mount options syntax) which might need some
> redesign.
>
> At the moment I would like to get some feedback on the driver. In
> the future, I would like to see the driver merged upstream, and
> am prepared to do the work but I need to know if there is any
> interest in doing so.
As you've probably already figured out, we generally welcome support for
new virtualization drivers. The two big questions to me are
- Are you able to provide ongoing maintaince and development of
this driver for the future ? We're already suffering from a lack
of people able to maintain the existing openvz driver and the
related parallels isn't too active either. Basically we'd like
to see a commitment to be an active maintainer of the code.
- What do you see as the long term future of the driver ? I've
already asked whether there's any risk from future OpenVZ releases
potentially breaking things. Historically the idea with the kernel's
namespace support was that the OpenVZ forked kernel would be able
to go away. IIUC, the openvz userspace can already run on top of a
plain mainline kernel, albeit with reduced features compared to when
it runs on openvz kernel fork. If we assume the trend of merging
OpenVZ features into mainline continues, we might get to a point
where OpenVZ kernel fork no longer exists. At that point I wonder
what would be the compelling differences between BossonVZ and the
LXC driver ? ie why would we benefit from 2 container drivers for
the same kernel functionality.
Regards,
Daniel
3789
days inactive
3799
days old
14 comments
5 participants
participants (5)
-
Bosson VZ -
Daniel P. Berrange -
Daniel Veillard -
Dmitry Mishin -
Pavel Emelyanov