Re: [openstack-dev] [Nova]Why nova mounts FS for LXC container instead of libvirt?

2015-01-15 Thread Dmitry Guryanov

On 01/12/2015 06:35 PM, Daniel P. Berrange wrote:
> On Mon, Jan 12, 2015 at 06:28:53PM +0300, Dmitry Guryanov wrote:
>> On 01/05/2015 02:30 PM, Daniel P. Berrange wrote:
>>> On Tue, Dec 30, 2014 at 05:18:19PM +0300, Dmitry Guryanov wrote:
>>>> Hello,
>>>>
>>>> Libvirt can create loop or nbd device for LXC container and mount it by
>>>> itself, for instance, you can add something like this to xml config:
>>>>
>>>>
>>>>
>>>> But nova mounts filesystem for container by itself. Is this because rhel-6
>>>> doesn't support filesystems with type='file' or there are some other reasons?
>>>
>>> The support for mounting using NBD in OpenStack pre-dated the support
>>> for doing this in Libvirt. In fact the reason I added this feature to
>>> libvirt was precisely because OpenStack was doing this.
>>>
>>> We haven't switched Nova over to use this new syntax yet though, because
>>> that would imply a change to the min required libvirt version for LXC.
>>> That said we should probably make such a change, because honestly no
>>> one should be using LXC without using user namespaces, otherwise their
>>> cloud is horribly insecure. This would imply making the min libvirt for
>>> LXC much much newer than it is today.
>>
>> It's not very hard to replace mounting in nova with generating proper xml
>> config. Can we do it before kilo release? Are there any people, who use
>> openstack with LXC in production?
>
> Looking at libvirt history, it would mean we mandate 1.0.6 as the min
> libvirt for use with the LXC driver.
>
> Regards,
> Daniel


I've created RFC patches:

https://review.openstack.org/#/c/147535/
https://review.openstack.org/#/c/147534/
https://review.openstack.org/#/c/147533/


--
Dmitry Guryanov


__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
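
An added example, not part of the thread or of Nova's or libvirt's code: a small audit of an LXC domain definition for the two points discussed above, whether user namespaces are configured through libvirt's <idmap> element and whether the root filesystem is an image libvirt attaches itself (type='file'). The sample XML, its image path and its ID ranges are constructed; audit_lxc_domain is a hypothetical helper name, and the 1.0.6 minimum is the one named in the thread.

```python
import xml.etree.ElementTree as ET

MIN_LIBVIRT = (1, 0, 6)  # minimum the thread names for the libvirt-managed syntax

# Constructed sample: the image path and ID ranges are placeholders.
SAMPLE_XML = """
<domain type='lxc'>
  <name>demo</name>
  <idmap>
    <uid start='0' target='100000' count='65536'/>
    <gid start='0' target='100000' count='65536'/>
  </idmap>
  <devices>
    <filesystem type='file'>
      <driver type='loop' format='raw'/>
      <source file='/var/lib/example/rootfs.img'/>
      <target dir='/'/>
    </filesystem>
  </devices>
</domain>
"""

def audit_lxc_domain(xml_text, libvirt_version):
    """Return a list of findings for one LXC domain definition."""
    root = ET.fromstring(xml_text.strip())
    if root.get("type") != "lxc":
        return ["not an LXC domain"]
    findings = []
    # User namespaces: container ID 0 must map to a non-zero host ID.
    for kind in ("uid", "gid"):
        maps = root.findall(f"./idmap/{kind}")
        if not maps:
            findings.append(f"no {kind} idmap: container root is host root")
        elif any(m.get("start") == "0" and m.get("target") == "0" for m in maps):
            findings.append(f"{kind} 0 maps to host {kind} 0")
    # Root filesystem: attached by libvirt (type='file') or prepared on the host?
    for fs in root.findall("./devices/filesystem"):
        target = fs.find("target")
        if target is None or target.get("dir") != "/":
            continue
        if fs.get("type", "mount") != "file":
            findings.append("rootfs is a host directory prepared outside libvirt")
        elif tuple(libvirt_version) < MIN_LIBVIRT:
            findings.append("type='file' rootfs needs libvirt >= 1.0.6")
    return findings

if __name__ == "__main__":
    print(audit_lxc_domain(SAMPLE_XML, (1, 2, 2)))
```
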


Re: [openstack-dev] [Nova]Why nova mounts FS for LXC container instead of libvirt?

2015-01-12 Thread Daniel P. Berrange
On Mon, Jan 12, 2015 at 06:28:53PM +0300, Dmitry Guryanov wrote:
> On 01/05/2015 02:30 PM, Daniel P. Berrange wrote:
> >On Tue, Dec 30, 2014 at 05:18:19PM +0300, Dmitry Guryanov wrote:
> >>Hello,
> >>
> >>Libvirt can create loop or nbd device for LXC container and mount it by
> >>itself, for instance, you can add something like this to xml config:
> >>
> >>
> >>   
> >>   
> >>   
> >>
> >>
> >>But nova mounts filesystem for container by itself. Is this because rhel-6
> >>doesn't support filesystems with type='file' or there are some other 
> >>reasons?
> >The support for mounting using NBD in OpenStack pre-dated the support
> >for doing this in Libvirt. In fact the reason I added this feature to
> >libvirt was precisely because OpenStack was doing this.
> >
> >We haven't switched Nova over to use this new syntax yet though, because
> >that would imply a change to the min required libvirt version for LXC.
> >That said we should probably make such a change, because honestly no
> >one should be using LXC without using user namespaces, otherwise their
> >cloud is horribly insecure. This would imply making the min libvirt for
> >LXC much much newer than it is today.
> >
> 
> It's not very hard to replace mounting in nova with generating proper xml
> config. Can we do it before kilo release? Are there any people, who use
> openstack with LXC in production?

Looking at libvirt history, it would mean we mandate 1.0.6 as the min
libvirt for use with the LXC driver.

Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



Re: [openstack-dev] [Nova]Why nova mounts FS for LXC container instead of libvirt?

2015-01-12 Thread Dmitry Guryanov

On 01/05/2015 02:30 PM, Daniel P. Berrange wrote:
> On Tue, Dec 30, 2014 at 05:18:19PM +0300, Dmitry Guryanov wrote:
>> Hello,
>>
>> Libvirt can create loop or nbd device for LXC container and mount it by
>> itself, for instance, you can add something like this to xml config:
>>
>>
>>
>> But nova mounts filesystem for container by itself. Is this because rhel-6
>> doesn't support filesystems with type='file' or there are some other reasons?
>
> The support for mounting using NBD in OpenStack pre-dated the support
> for doing this in Libvirt. In fact the reason I added this feature to
> libvirt was precisely because OpenStack was doing this.
>
> We haven't switched Nova over to use this new syntax yet though, because
> that would imply a change to the min required libvirt version for LXC.
> That said we should probably make such a change, because honestly no
> one should be using LXC without using user namespaces, otherwise their
> cloud is horribly insecure. This would imply making the min libvirt for
> LXC much much newer than it is today.
>
> Regards,
> Daniel

It's not very hard to replace mounting in nova with generating proper
xml config. Can we do it before kilo release? Are there any people, who
use openstack with LXC in production?


--
Dmitry Guryanov




Re: [openstack-dev] [Nova] Why nova mounts FS for LXC container instead of libvirt?

2014-12-30 Thread Dmitry Guryanov
On Tuesday 30 December 2014 17:18:19 Dmitry Guryanov wrote:
> Hello,
> 
> Libvirt can create loop or nbd device for LXC container and mount it by
> itself, for instance, you can add something like this to xml config:
> 
> 
>   
>   
>   
> 
> 
> But nova mounts filesystem for container by itself. Is this because rhel-6
> doesn't support filesystems with type='file' or there are some other
> reasons?

Sorry, forgot to add [Nova] prefix in the first message.


-- 
Dmitry Guryanov

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev