[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libvir] Virtual networking



Daniel P. Berrange wrote:  [Tue Jan 16 2007, 04:54:49PM EST]
> On Tue, Jan 16, 2007 at 04:19:37PM -0500, Aron Griffis wrote:
> > Daniel P. Berrange wrote:  [Tue Jan 16 2007, 10:57:03AM EST]
> > > 2. The way I was always anticipating remote use of libvirt to work. The
> > >    app uses libvirt locally which opens a connection to the remote machine
> > >    using whatever remote management protocol is relevant for the hypervisor
> > >    in question. eg, HTTP/XML-RPC for Xen, or the TLS secured binary format
> > >    for the prototype QEMU backend.
> > > 
> > >    http://people.redhat.com/berrange/libvirt/libvirt-arch-remote-1.png
> > 
> > So this works to manage a remote host that might not have libvirt
> > installed...
> 
> Provided the host in question provided a secure remote management system.
> Until Xen-API is supported, even Xen doesn't have a useful remote management
> system since its currents APIs have zero auth. Other non-Xen virt produces
> don't have any remote management.

*nod*

> > > 3. The way I think you re suggesting - a libvirt server on every remote
> > >    host which calls into the regular libvirt internal driver model to
> > >    proxy remote calls. So even if the hypervisor in question provides a
> > >    remote network management API, we will always use the local API and
> > >    do *all* remote networking via the libvirt server
> > > 
> > >    http://people.redhat.com/berrange/libvirt/libvirt-arch-remote-2.png
> > 
> > ...and this requires each managed host to have libvirt(d).
> > 
> > This is considered a reasonable requirement?
> 
> Personally it doesn't worry me too much - by all means though, I'm open to 
> arguments against it too.....
> 
> The way I currently look at the problem, needing to deploy a small
> C based management daemon (merely linked to an SSL library for
> secure comms) isn't very onerous in comparison to the enourmous pile
> of python code Xen already requires. For non-Xen backends we'll
> definitely need a daemon of some form, since QEMU / KVM / UML / etc
> don't have any management daemon at all. For administrators there's
> a certain benefit to only having to worry about opening up one
> daemon to the public network regardless of which virt system in use.

What's the gap (if any) between libvirtd and xend capabilities?  i.e.
could libvirtd eventually allow dom0 to omit the python-based xen mgmt
stack to shrink dom0 to a significantly thinner OS instance?

> But then maybe we actually need to support both remote management models ? 

IMHO unnecessary complexity.

> Would a requirement for a libvirtd be a problem for your use cases ?

I don't think so.  Mostly I was verifying my understanding, and that
the requirement was considered.

Thanks,
Aron

Attachment: signature.asc
Description: Digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]