On 01/30/2012 08:45 AM, Daniel Veillard wrote: > Hi everybody, > > I guess the best is to ask Chip Vincent about those oVirt Node > integration issues. CIM is not always trivial to setup in a normal > RHEL environment, and I'm afraid nobody tried it on a read-only > root/stateless environment. Chip I think the expertise from some > of your libvirt-cim team is needed there, I guess the best is to provide > an image to someone knowledgeable in the set-u and have him check > the issues. Maybe Eduardo ro you can have a look ? > > thanks ! > > Daniel > > On Sun, Jan 29, 2012 at 10:39:03AM -0500, Perry Myers wrote: >> One of the items on our backlog has been to include CIM server/providers >> on oVirt Node. Initially we'll do this statically and include things >> like sblim, tog-pegasus, libvirt-cim as part of the core Node recipe. > > P.S.: shouldn't only one of sblim/tog-pegasus be needed and not both ? > One server should be sufficient isn't it and the goal is still > to limit the size of images. Which one to pick may be the result > of which one is the easier to coerce to work in root RO mode, > or the smaller of the two ...
I asked Anthony about this, and he explained it to me... sblim is both a collection of CIM providers as well as a server. tog-pegasus is just the server. So you can either use: sblim + tog-pegasus or sblim + sblim-sfcb If you omit sfcb from the oVirt Node, then you can use tog-pegasus in its place. It's also my understanding that sblim-sfcb and tog-pegasus are not fully interchangeable as there are some providers that will only work with one or the other. So far, it seems like tog-pegasus is what folks want specifically, so that is what we have been focusing on. Perry >> Later, we can use the 'plugin' concept so that this functionality can be >> added by those that need it, and for those that don't they can ignore. >> >> Some questions have come up around this point, and since the Node team >> aren't CIM experts, we wanted to reach out to folks that have been using >> it a little more heavily to make sure we're on the right track. >> >> Some of the technical things we've run into are: >> >> 1. Our initial attempt at getting tog-pegasus and friends running >> failed due to lots of issues with r/o root filesystem. Might need >> help from folks more knowledgeable about CIM to halp resolve that. >> >> Anthony, I think you might have some kickstart snippets that would >> be of use here, correct? >> >> 2. Once you've got the CIM server there (tog-pegasus) you need to have >> some way to enable/disable it, which right now isn't easy to do >> except via offline image manipulation (since you can't persist >> symlinks in stateless Linux). >> >> 3. When the CIM server is enabled, need to unblock the appropriate >> firewall port, which again is not trivial to do given the stateless >> nature of the Node via tools like lokkit. (Perhaps firewalld will >> make this easier, but for now firewalld doesn't look mature enough >> to begin using in earnest) >> >> 4. How should CIM be secured and configured for authentication? Do we >> need to provide some mechanism for deploying SSL client certs into >> the Node for tog-pegasus to use? What about setting simple >> user/pass auth? >> >> 5. What sort of other configuration should be exposed for CIM >> providers? >> >> Geert/Anthony/DV, if you guys have thoughts on the above questions or >> can point us at other people to loop into this thread, that would be >> helpful. >> >> Thanks! >> >> Perry > _______________________________________________ node-devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-devel
