Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
On Wed, Oct 02, 2013 at 11:07:23AM -0700, Ravi Chunduru wrote: Hi Daniel, I will modify the blueprint as per your suggestions. Actually, we can use state_path in nova.conf if set or the default location. This set of config vars: - Enable unix channels - No of Unix Channels - Target name is really overkill. All you need is a list of target names really. The 'enable unix channels' option is obviously 'true' if you have any target names listed. And likewise the number of channels is just the number of target names listed. Also all hardware related config properties should have a 'hw_' prefix on their name eg # glance image-update \ --property hw_channels=name1,name2,name3 \ f16-x86_64-openstack-sda I still don't see clear enough information in the blueprint about how this is actually going to be used. In particular the interaction between neutron nova. eg you talk about neutron agents, which implies that the admins who run the OpenStack instance are in charge. But then the image meta stuff is really end user facing. In the talk of 'appliance vendors' is unclear who is deploying the stuff provided by the vendors. I'd like to see the blueprint outline the complete process of how each part is configured from end-to-end and who is responsible for each bit. If this is intended to be completely internal to the admins running the neutron/nova services, then we don't want the glance image properties to be exposed to end users. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
Hi Daniel, I will modify the blueprint as per your suggestions. Actually, we can use state_path in nova.conf if set or the default location. Thanks, -Ravi. On Tue, Oct 1, 2013 at 1:57 AM, Daniel P. Berrange berra...@redhat.comwrote: On Mon, Sep 30, 2013 at 02:25:30PM -0700, Ravi Chunduru wrote: Alessandro, I agree with you. I created a Blueprint. Let us collaborate and achieve this on all types of hypervisors. All, Here is the link for the BP as discussed. https://blueprints.launchpad.net/nova/+spec/appliance-communication-channel That needs to be expanded to describe more about the intended usage of the setup, and consider any security issues. IMHO we really do not want this exposed to end users - particularly not whuen you are proposing the ability to set arbitrary file paths for the UNIX sockets against images. That woudl be a security flaw as proposed in that doc. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/:| |: http://libvirt.org -o- http://virt-manager.org:| |: http://autobuild.org -o- http://search.cpan.org/~danberr/:| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc:| ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Ravi ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
The blueprint currently seems libvirt specific to me? Is there a common - perhaps abstracted - interface that we can provide through Nova / image meta-data which will be implemented by each driver in their own way? Otherwise I can see a bigger mess of metadata values where libvirt uses enable_unix_channels, Xen uses enable_cross_domain_channel - each with their corresponding and custom ways of configuring the behaviour. Bob From: Ravi Chunduru [ravi...@gmail.com] Sent: 02 October 2013 19:07 To: Daniel P. Berrange; OpenStack Development Mailing List Subject: Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver Hi Daniel, I will modify the blueprint as per your suggestions. Actually, we can use state_path in nova.conf if set or the default location. Thanks, -Ravi. On Tue, Oct 1, 2013 at 1:57 AM, Daniel P. Berrange berra...@redhat.commailto:berra...@redhat.com wrote: On Mon, Sep 30, 2013 at 02:25:30PM -0700, Ravi Chunduru wrote: Alessandro, I agree with you. I created a Blueprint. Let us collaborate and achieve this on all types of hypervisors. All, Here is the link for the BP as discussed. https://blueprints.launchpad.net/nova/+spec/appliance-communication-channel That needs to be expanded to describe more about the intended usage of the setup, and consider any security issues. IMHO we really do not want this exposed to end users - particularly not whuen you are proposing the ability to set arbitrary file paths for the UNIX sockets against images. That woudl be a security flaw as proposed in that doc. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Ravi ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
Hi Bob, Are we talking about naming convention, if so - I am open to suggestions. We are defining metadata for Image - Based on it, virt drivers can consume it appropriately. Thanks, -Ravi. On Wed, Oct 2, 2013 at 3:17 PM, Bob Ball bob.b...@citrix.com wrote: The blueprint currently seems libvirt specific to me? Is there a common - perhaps abstracted - interface that we can provide through Nova / image meta-data which will be implemented by each driver in their own way? Otherwise I can see a bigger mess of metadata values where libvirt uses enable_unix_channels, Xen uses enable_cross_domain_channel - each with their corresponding and custom ways of configuring the behaviour. Bob -- *From:* Ravi Chunduru [ravi...@gmail.com] *Sent:* 02 October 2013 19:07 *To:* Daniel P. Berrange; OpenStack Development Mailing List *Subject:* Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver Hi Daniel, I will modify the blueprint as per your suggestions. Actually, we can use state_path in nova.conf if set or the default location. Thanks, -Ravi. On Tue, Oct 1, 2013 at 1:57 AM, Daniel P. Berrange berra...@redhat.comwrote: On Mon, Sep 30, 2013 at 02:25:30PM -0700, Ravi Chunduru wrote: Alessandro, I agree with you. I created a Blueprint. Let us collaborate and achieve this on all types of hypervisors. All, Here is the link for the BP as discussed. https://blueprints.launchpad.net/nova/+spec/appliance-communication-channel That needs to be expanded to describe more about the intended usage of the setup, and consider any security issues. IMHO we really do not want this exposed to end users - particularly not whuen you are proposing the ability to set arbitrary file paths for the UNIX sockets against images. That woudl be a security flaw as proposed in that doc. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Ravi ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Ravi ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
On Mon, Sep 30, 2013 at 02:25:30PM -0700, Ravi Chunduru wrote: Alessandro, I agree with you. I created a Blueprint. Let us collaborate and achieve this on all types of hypervisors. All, Here is the link for the BP as discussed. https://blueprints.launchpad.net/nova/+spec/appliance-communication-channel That needs to be expanded to describe more about the intended usage of the setup, and consider any security issues. IMHO we really do not want this exposed to end users - particularly not whuen you are proposing the ability to set arbitrary file paths for the UNIX sockets against images. That woudl be a security flaw as proposed in that doc. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
Hi Daniel, Thanks for comments and examples. As you already know that for any application running on Host platform can communicate with Guest through Virtio-Serial device. What we are looking at is the security provided by Apparmor is crucial so that the Host will not allow any software running in Guest can access outside of the directories/files dynamically added in the libvirt-qemue configuration file of apparmor. As this file is created dynamically from Libvirt XML file, We are thinking that if we can expose Virtio-serial device of Guest through Dashboard [Horizon], Then it will be good from host security perspective and as well it is upto the User to enable virtio-serial interface based on his requirements like Application software requirement in Guest. Appreciate your comments or suggestions on this. Regards, Balaji.P -Original Message- From: Daniel P. Berrange [mailto:berra...@redhat.com] Sent: Thursday, September 26, 2013 1:41 PM To: P Balaji-B37839 Cc: OpenStack Development Mailing List Subject: Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver On Thu, Sep 26, 2013 at 03:05:16AM +, P Balaji-B37839 wrote: Hi Ravi, We did this as part of PoC few months back. Daniel can give us more comments on this as he is the lead for Libvirt support in Nova. Just adding the ability to expose virtio-serial devices to the guest doesn't do much. You need to have a credible story for what connects and deals with the host side of the device in Nova. For the QEMU guest agent, libvirt will own the host side and use it for various APIs it supports. For the SPICE agent, QEMU owns the host side and uses it to support functionality used by the SPICE client. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
On Mon, Sep 30, 2013 at 08:32:51AM +, P Balaji-B37839 wrote: Hi Daniel, Thanks for comments and examples. As you already know that for any application running on Host platform can communicate with Guest through Virtio-Serial device. What we are looking at is the security provided by Apparmor is crucial so that the Host will not allow any software running in Guest can access outside of the directories/files dynamically added in the libvirt-qemue configuration file of apparmor. As this file is created dynamically from Libvirt XML file, We are thinking that if we can expose Virtio-serial device of Guest through Dashboard [Horizon], Then it will be good from host security perspective and as well it is upto the User to enable virtio-serial interface based on his requirements like Application software requirement in Guest. This doesn't really answer my question. There are 2 commonly available agents (SPICE agent + QEMU guest agent) in the KVM world and we have support for those in Nova at least. There may be UI missing in Horizon to enable though. Any further agents would require some kind of software integration on the host with either qemu, libvirt or Nova itself. So any blueprint should specify what that new agent is, and how it will be integrated in the Nova compute host. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
On Mon, Sep 30, 2013 at 08:32:51AM +, P Balaji-B37839 wrote: Hi Daniel, Thanks for comments and examples. As you already know that for any application running on Host platform can communicate with Guest through Virtio-Serial device. What we are looking at is the security provided by Apparmor is crucial so that the Host will not allow any software running in Guest can access outside of the directories/files dynamically added in the libvirt-qemue configuration file of apparmor. As this file is created dynamically from Libvirt XML file, We are thinking that if we can expose Virtio-serial device of Guest through Dashboard [Horizon], Then it will be good from host security perspective and as well it is upto the User to enable virtio-serial interface based on his requirements like Application software requirement in Guest. This doesn't really answer my question. There are 2 commonly available agents (SPICE agent + QEMU guest agent) in the KVM world and we have support for those in Nova at least. There may be UI missing in Horizon to enable though. Any further agents would require some kind of software integration on the host with either qemu, libvirt or Nova itself. So any blueprint should specify what that new agent is, and how it will be integrated in the Nova compute host. [P Balaji-B37839] Correct. Nova has support for the commonly available agents as listed above. We are thinking about generic interface which can be used by any application software in Guest. More precisely, it will be like there won't be any agent in VM, Instead any Application Software can use this generic Virtio-Serial Interface to make use of communicating with Host. Using libvirt frame work might be best option, so that security aspects of exposing this interface can be taken care. Please comment. Regards, Balaji.P Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
On Mon, Sep 30, 2013 at 08:59:47AM +, P Balaji-B37839 wrote: On Mon, Sep 30, 2013 at 08:32:51AM +, P Balaji-B37839 wrote: Hi Daniel, Thanks for comments and examples. As you already know that for any application running on Host platform can communicate with Guest through Virtio-Serial device. What we are looking at is the security provided by Apparmor is crucial so that the Host will not allow any software running in Guest can access outside of the directories/files dynamically added in the libvirt-qemue configuration file of apparmor. As this file is created dynamically from Libvirt XML file, We are thinking that if we can expose Virtio-serial device of Guest through Dashboard [Horizon], Then it will be good from host security perspective and as well it is upto the User to enable virtio-serial interface based on his requirements like Application software requirement in Guest. This doesn't really answer my question. There are 2 commonly available agents (SPICE agent + QEMU guest agent) in the KVM world and we have support for those in Nova at least. There may be UI missing in Horizon to enable though. Any further agents would require some kind of software integration on the host with either qemu, libvirt or Nova itself. So any blueprint should specify what that new agent is, and how it will be integrated in the Nova compute host. [P Balaji-B37839] Correct. Nova has support for the commonly available agents as listed above. We are thinking about generic interface which can be used by any application software in Guest. More precisely, it will be like there won't be any agent in VM, Instead any Application Software can use this generic Virtio-Serial Interface to make use of communicating with Host. Using libvirt frame work might be best option, so that security aspects of exposing this interface can be taken care. Please fix your email client so that it properly indents text you are quoting with ' '. It makes it very hard to follow replies as your do it now. Communicating with *what* on the host ? Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
Hi Daniel, Thanks for comments and examples. As you already know that for any application running on Host platform can communicate with Guest through Virtio-Serial device. What we are looking at is the security provided by Apparmor is crucial so that the Host will not allow any software running in Guest can access outside of the directories/files dynamically added in the libvirt-qemue configuration file of apparmor. As this file is created dynamically from Libvirt XML file, We are thinking that if we can expose Virtio-serial device of Guest through Dashboard [Horizon], Then it will be good from host security perspective and as well it is upto the User to enable virtio-serial interface based on his requirements like Application software requirement in Guest. This doesn't really answer my question. There are 2 commonly available agents (SPICE agent + QEMU guest agent) in the KVM world and we have support for those in Nova at least. There may be UI missing in Horizon to enable though. Any further agents would require some kind of software integration on the host with either qemu, libvirt or Nova itself. So any blueprint should specify what that new agent is, and how it will be integrated in the Nova compute host. [P Balaji-B37839] Correct. Nova has support for the commonly available agents as listed above. We are thinking about generic interface which can be used by any application software in Guest. More precisely, it will be like there won't be any agent in VM, Instead any Application Software can use this generic Virtio-Serial Interface to make use of communicating with Host. Using libvirt frame work might be best option, so that security aspects of exposing this interface can be taken care. Please fix your email client so that it properly indents text you are quoting with ' '. It makes it very hard to follow replies as your do it now. Communicating with *what* on the host ? [P Balaji-B37839] Here *what* refers to any daemon/agent which is proprietary based on the Application architecture inside Guest using the Virtio-Serial Interface created for VM. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt- manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk- vnc :| ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
On Mon, Sep 30, 2013 at 11:31:58AM +, P Balaji-B37839 wrote: Hi Daniel, Thanks for comments and examples. As you already know that for any application running on Host platform can communicate with Guest through Virtio-Serial device. What we are looking at is the security provided by Apparmor is crucial so that the Host will not allow any software running in Guest can access outside of the directories/files dynamically added in the libvirt-qemue configuration file of apparmor. As this file is created dynamically from Libvirt XML file, We are thinking that if we can expose Virtio-serial device of Guest through Dashboard [Horizon], Then it will be good from host security perspective and as well it is upto the User to enable virtio-serial interface based on his requirements like Application software requirement in Guest. This doesn't really answer my question. There are 2 commonly available agents (SPICE agent + QEMU guest agent) in the KVM world and we have support for those in Nova at least. There may be UI missing in Horizon to enable though. Any further agents would require some kind of software integration on the host with either qemu, libvirt or Nova itself. So any blueprint should specify what that new agent is, and how it will be integrated in the Nova compute host. [P Balaji-B37839] Correct. Nova has support for the commonly available agents as listed above. We are thinking about generic interface which can be used by any application software in Guest. More precisely, it will be like there won't be any agent in VM, Instead any Application Software can use this generic Virtio-Serial Interface to make use of communicating with Host. Using libvirt frame work might be best option, so that security aspects of exposing this interface can be taken care. Please fix your email client so that it properly indents text you are quoting with ' '. It makes it very hard to follow replies as your do it now. Communicating with *what* on the host ? [P Balaji-B37839] Here *what* refers to any daemon/agent which is proprietary based on the Application architecture inside Guest using the Virtio-Serial Interface created for VM. I'm not convinced that we should be in the business of adding features to Nova for integration with arbitrary, closed source host components which we have no information about. Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
On 09/30/2013 07:51 AM, Daniel P. Berrange wrote: snip I'm not convinced that we should be in the business of adding features to Nova for integration with arbitrary, closed source host components which we have no information about. +1 -Sean -- Sean Dague http://dague.net ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
On 09/30/2013 07:57 AM, Sean Dague wrote: On 09/30/2013 07:51 AM, Daniel P. Berrange wrote: snip I'm not convinced that we should be in the business of adding features to Nova for integration with arbitrary, closed source host components which we have no information about. +1 +2 -- Russell Bryant ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
Let me present an use case. Today Nova enables to launch guests of different types. For real deployments we would need appliances from various vendors to run as instances. Appliances can be Loadbalancer, Firewall, IPsec, Routers or UTM etc., These appliances can be tied up with Neutron Services and would need configuration from various services like FWaaS, LBaaS, VPNaaS etc., One way to configure these appliances from Neutron Agents is by opening up the so needed virtio unix channel socket and reach the configuration daemon in the appliance. Other approach is by having a separate network for management activities and having agent to communicate to a daemon in netns to reach out to appliance. For us, it means additional daemon in the second approach. In case of first approach it is similar to Vmware way of configuring appliance. Check this for reference http://kb.vmware.com/selfservice/microsites/search.do?language=en_UScmd=displayKCexternalId=1010806 Please look from Network appliance perspective to enable this featue. I welcome if you can suggest us if spicevm or generic qemu guest agent can help. If so, how the adaptability with vendors can be solved. Let me know if you need more information. Thanks, -Ravi. On Mon, Sep 30, 2013 at 8:05 AM, Russell Bryant rbry...@redhat.com wrote: On 09/30/2013 07:57 AM, Sean Dague wrote: On 09/30/2013 07:51 AM, Daniel P. Berrange wrote: snip I'm not convinced that we should be in the business of adding features to Nova for integration with arbitrary, closed source host components which we have no information about. +1 +2 -- Russell Bryant ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Ravi ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
Hi Daniel, Not sure that I conveyed the use case of this in Nova clearly. Please find the below as few more data points on this. i) Host to Guest Communication feature is good to have through Nova-Libvirt. Using generic Virtio-Serial Interface for this will be a better option because the dynamic apparmor abstractions file created for libvirt-qemu will take care of security aspects of Host. ii) KVM Hypervisor using Libvirt needs VMCI [VMWare] kind of library which can support secure way of host-guest communication. Though this kind of library support in Libvirt is not available now, Using the existing Virtio-Serial Interface will be good to start with. iii) We want to make KVM hypervisor with Libvirt more flexible enough so that different Networking Vendors can make use of it based on their Network Application Software Architecture. iv)Though we can make use of Guest Agent, But it will add another daemon in Guest which is not optimal. Regards, Balaji.P -Original Message- From: Daniel P. Berrange [mailto:berra...@redhat.com] Sent: Monday, September 30, 2013 5:21 PM To: P Balaji-B37839 Cc: OpenStack Development Mailing List Subject: Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver On Mon, Sep 30, 2013 at 11:31:58AM +, P Balaji-B37839 wrote: Hi Daniel, Thanks for comments and examples. As you already know that for any application running on Host platform can communicate with Guest through Virtio-Serial device. What we are looking at is the security provided by Apparmor is crucial so that the Host will not allow any software running in Guest can access outside of the directories/files dynamically added in the libvirt-qemue configuration file of apparmor. As this file is created dynamically from Libvirt XML file, We are thinking that if we can expose Virtio-serial device of Guest through Dashboard [Horizon], Then it will be good from host security perspective and as well it is upto the User to enable virtio-serial interface based on his requirements like Application software requirement in Guest. This doesn't really answer my question. There are 2 commonly available agents (SPICE agent + QEMU guest agent) in the KVM world and we have support for those in Nova at least. There may be UI missing in Horizon to enable though. Any further agents would require some kind of software integration on the host with either qemu, libvirt or Nova itself. So any blueprint should specify what that new agent is, and how it will be integrated in the Nova compute host. [P Balaji-B37839] Correct. Nova has support for the commonly available agents as listed above. We are thinking about generic interface which can be used by any application software in Guest. More precisely, it will be like there won't be any agent in VM, Instead any Application Software can use this generic Virtio-Serial Interface to make use of communicating with Host. Using libvirt frame work might be best option, so that security aspects of exposing this interface can be taken care. Please fix your email client so that it properly indents text you are quoting with ' '. It makes it very hard to follow replies as your do it now. Communicating with *what* on the host ? [P Balaji-B37839] Here *what* refers to any daemon/agent which is proprietary based on the Application architecture inside Guest using the Virtio-Serial Interface created for VM. I'm not convinced that we should be in the business of adding features to Nova for integration with arbitrary, closed source host components which we have no information about. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt- manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk- vnc :| ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
Hi Ravi, Thanks for giving reference examples. Though I tried to give very generic use case without referring to Networking use cases. It is good that you referred to examples so that the community can understand the need for it. Regards, Balaji.P From: Ravi Chunduru [mailto:ravi...@gmail.com] Sent: Monday, September 30, 2013 10:16 PM To: OpenStack Development Mailing List; Palanisamy, Anand Cc: Sean Dague Subject: Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver Let me present an use case. Today Nova enables to launch guests of different types. For real deployments we would need appliances from various vendors to run as instances. Appliances can be Loadbalancer, Firewall, IPsec, Routers or UTM etc., These appliances can be tied up with Neutron Services and would need configuration from various services like FWaaS, LBaaS, VPNaaS etc., One way to configure these appliances from Neutron Agents is by opening up the so needed virtio unix channel socket and reach the configuration daemon in the appliance. Other approach is by having a separate network for management activities and having agent to communicate to a daemon in netns to reach out to appliance. For us, it means additional daemon in the second approach. In case of first approach it is similar to Vmware way of configuring appliance. Check this for reference http://kb.vmware.com/selfservice/microsites/search.do?language=en_UScmd=displayKCexternalId=1010806 Please look from Network appliance perspective to enable this featue. I welcome if you can suggest us if spicevm or generic qemu guest agent can help. If so, how the adaptability with vendors can be solved. Let me know if you need more information. Thanks, -Ravi. On Mon, Sep 30, 2013 at 8:05 AM, Russell Bryant rbry...@redhat.commailto:rbry...@redhat.com wrote: On 09/30/2013 07:57 AM, Sean Dague wrote: On 09/30/2013 07:51 AM, Daniel P. Berrange wrote: snip I'm not convinced that we should be in the business of adding features to Nova for integration with arbitrary, closed source host components which we have no information about. +1 +2 -- Russell Bryant ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Ravi ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
On Mon, Sep 30, 2013 at 09:46:02AM -0700, Ravi Chunduru wrote: Let me present an use case. Today Nova enables to launch guests of different types. For real deployments we would need appliances from various vendors to run as instances. Appliances can be Loadbalancer, Firewall, IPsec, Routers or UTM etc., These appliances can be tied up with Neutron Services and would need configuration from various services like FWaaS, LBaaS, VPNaaS etc., One way to configure these appliances from Neutron Agents is by opening up the so needed virtio unix channel socket and reach the configuration daemon in the appliance. Other approach is by having a separate network for management activities and having agent to communicate to a daemon in netns to reach out to appliance. Thanks, this is the kind of usage information I was asking for, wrt host integration. This shows the use case for virtio-serial is as a mechanism for integration between infrastructure pieces controlled by the cloud admin, not as something that is targetted towards end users of the cloud. I think we need to have a detailed blueprint for this, describing the use case(s) to be addressed and proposing some possible design(s). Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
Alessandro, I agree with you. I created a Blueprint. Let us collaborate and achieve this on all types of hypervisors. All, Here is the link for the BP as discussed. https://blueprints.launchpad.net/nova/+spec/appliance-communication-channel Thanks, -Ravi. On Mon, Sep 30, 2013 at 12:56 PM, Alessandro Pilotti apilo...@cloudbasesolutions.com wrote: Hi all, A host / guest communication channel can be useful in a lot of scenarios. What about thinking on a common interface to be implemented on other hypervisors as well and not only on KVM? We're planning to start working on something similar for Hyper-V and there were some chats about ideas related to XenServer as well (John?). Each hypervisor provides different ways of achieving this goal, but IMO it'd be fairly easy to define a common adapter interface. Alessandro On Sep 30, 2013, at 20:21 , Daniel P. Berrange berra...@redhat.com wrote: On Mon, Sep 30, 2013 at 09:46:02AM -0700, Ravi Chunduru wrote: Let me present an use case. Today Nova enables to launch guests of different types. For real deployments we would need appliances from various vendors to run as instances. Appliances can be Loadbalancer, Firewall, IPsec, Routers or UTM etc., These appliances can be tied up with Neutron Services and would need configuration from various services like FWaaS, LBaaS, VPNaaS etc., One way to configure these appliances from Neutron Agents is by opening up the so needed virtio unix channel socket and reach the configuration daemon in the appliance. Other approach is by having a separate network for management activities and having agent to communicate to a daemon in netns to reach out to appliance. Thanks, this is the kind of usage information I was asking for, wrt host integration. This shows the use case for virtio-serial is as a mechanism for integration between infrastructure pieces controlled by the cloud admin, not as something that is targetted towards end users of the cloud. I think we need to have a detailed blueprint for this, describing the use case(s) to be addressed and proposing some possible design(s). Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/:| |: http://libvirt.org -o- http://virt-manager.org:| |: http://autobuild.org -o- http://search.cpan.org/~danberr/:| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc:| ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Ravi ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
Hi Ravi and Daniel, Good that we all converged on the need for this support in Nova Libvirt Driver. We will collaborate together on this blueprint and make it upstream for IceHouse. Regards, Balaji.P -Original Message- From: Daniel P. Berrange [mailto:berra...@redhat.com] Sent: Monday, September 30, 2013 11:52 PM To: OpenStack Development Mailing List Cc: Sean Dague Subject: Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver On Mon, Sep 30, 2013 at 09:46:02AM -0700, Ravi Chunduru wrote: Let me present an use case. Today Nova enables to launch guests of different types. For real deployments we would need appliances from various vendors to run as instances. Appliances can be Loadbalancer, Firewall, IPsec, Routers or UTM etc., These appliances can be tied up with Neutron Services and would need configuration from various services like FWaaS, LBaaS, VPNaaS etc., One way to configure these appliances from Neutron Agents is by opening up the so needed virtio unix channel socket and reach the configuration daemon in the appliance. Other approach is by having a separate network for management activities and having agent to communicate to a daemon in netns to reach out to appliance. Thanks, this is the kind of usage information I was asking for, wrt host integration. This shows the use case for virtio-serial is as a mechanism for integration between infrastructure pieces controlled by the cloud admin, not as something that is targetted towards end users of the cloud. I think we need to have a detailed blueprint for this, describing the use case(s) to be addressed and proposing some possible design(s). Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt- manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk- vnc :| ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
On Thu, Sep 26, 2013 at 03:05:16AM +, P Balaji-B37839 wrote: Hi Ravi, We did this as part of PoC few months back. Daniel can give us more comments on this as he is the lead for Libvirt support in Nova. Just adding the ability to expose virtio-serial devices to the guest doesn't do much. You need to have a credible story for what connects and deals with the host side of the device in Nova. For the QEMU guest agent, libvirt will own the host side and use it for various APIs it supports. For the SPICE agent, QEMU owns the host side and uses it to support functionality used by the SPICE client. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova][libvirt] Virtio-Serial support for Nova libvirt driver
Hi, If anyone is already working on the below support for Nova, Please let us know. Regards, Balaji.P -Original Message- From: P Balaji-B37839 Sent: Tuesday, September 24, 2013 4:10 PM To: openstack-dev@lists.openstack.org Cc: Addepalli Srini-B22160; Mannidi Purandhar Sairam-B39209; Lingala Srikanth Kumar-B37208; Somanchi Trinath-B39208; B Veera-B37207 Subject: [openstack-dev][Nova] Virtio-Serial support for Nova libvirt driver Hi, Virtio-Serial interface support for Nova - Libvirt is not available now. Some VMs who wants to access the Host may need like running qemu-guest-agent or any proprietary software want to use this mode of communication with Host. Qemu-GA uses virtio-serial communication. We want to propose a blue-print on this for IceHouse Release. Anybody interested on this. Regards, Balaji.P ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
Hi Haomai, Thanks for your interest on this. The code check-ins done against the below bp are more specific to Qemu Guest Agent. https://blueprints.launchpad.net/nova/+spec/qemu-guest-agent-support Our requirement is to enable Virtio-Serial Interface to the applications running in VM. Do you have the same requirement? We will share the draft BP on this. Any comments on this approach will be helpful. Regards, Balaji.P On Tue, Sep 24, 2013 at 8:10 PM, Haomai Wang hao...@unitedstack.com wrote: On Sep 24, 2013, at 6:40 PM, P Balaji-B37839 b37...@freescale.com wrote: Hi, Virtio-Serial interface support for Nova - Libvirt is not available now. Some VMs who wants to access the Host may need like running qemu-guest-agent or any proprietary software want to use this mode of communication with Host. Qemu-GA uses virtio-serial communication. We want to propose a blue-print on this for IceHouse Release. Anybody interested on this. Great! We have common interest and I hope we can promote it for IceHouse. BTW, do you have a initial plan or description about it. And I think this bp may invoke. https://blueprints.launchpad.net/nova/+spec/qemu-guest-agent-support Regards, Balaji.P ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev Best regards, Haomai Wang, UnitedStack Inc. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
Hi Wangpan, Thanks for Information and suggestions. We want to have generic virtio-serial interface for Libvirt and applications can use this irrespective of Qemu Guest Agent in VM. As suggested, Daniel can throw some light on this and help us. Regards, Balaji.P From: Wangpan [mailto:hzwang...@corp.netease.com] Sent: Wednesday, September 25, 2013 3:24 PM To: OpenStack Development Mailing List Subject: Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver Hi all, I'm the owner of this bp https://blueprints.launchpad.net/nova/+spec/qemu-guest-agent-support and Daniel Berrange gave me lots of help about implementing this bp, and the original idea of mine is the same as yours. So I think the opinion of Daniel will be very useful. 2013-09-25 Wangpan 发件人:balaji patnala patnala...@gmail.com 发送时间:2013-09-25 22:36 主题:Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver 收件人:OpenStack Development Mailing Listopenstack-dev@lists.openstack.org 抄送: Hi Haomai, Thanks for your interest on this. The code check-ins done against the below bp are more specific to Qemu Guest Agent. https://blueprints.launchpad.net/nova/+spec/qemu-guest-agent-support Our requirement is to enable Virtio-Serial Interface to the applications running in VM. Do you have the same requirement? We will share the draft BP on this. Any comments on this approach will be helpful. Regards, Balaji.P On Tue, Sep 24, 2013 at 8:10 PM, Haomai Wang hao...@unitedstack.commailto:hao...@unitedstack.com wrote: On Sep 24, 2013, at 6:40 PM, P Balaji-B37839 b37...@freescale.commailto:b37...@freescale.com wrote: Hi, Virtio-Serial interface support for Nova - Libvirt is not available now. Some VMs who wants to access the Host may need like running qemu-guest-agent or any proprietary software want to use this mode of communication with Host. Qemu-GA uses virtio-serial communication. We want to propose a blue-print on this for IceHouse Release. Anybody interested on this. Great! We have common interest and I hope we can promote it for IceHouse. BTW, do you have a initial plan or description about it. And I think this bp may invoke. https://blueprints.launchpad.net/nova/+spec/qemu-guest-agent-support Regards, Balaji.P ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev Best regards, Haomai Wang, UnitedStack Inc. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
I am working on this generic virtio-serial interface for appliances. To start with I experimented on existing Wangpan's added feature on hw_qemu_guest agent. I am preparing to propose a blueprint to modify it for generic use and open to collaborate. I could bring up VM with generic source path(say /tmp/appliance_port) and target name(appliance_port). But I see qemu listening on the unix socket in host as soon as I start the VM. If we want to have our server program on host listening, that should not happen. How do I overcome that? Thanks, -Ravi. On Wed, Sep 25, 2013 at 3:01 AM, P Balaji-B37839 b37...@freescale.comwrote: Hi Wangpan, Thanks for Information and suggestions. We want to have generic virtio-serial interface for Libvirt and applications can use this irrespective of Qemu Guest Agent in VM. As suggested, Daniel can throw some light on this and help us. Regards, Balaji.P ** ** ** ** ** ** *From:* Wangpan [mailto:hzwang...@corp.netease.com] *Sent:* Wednesday, September 25, 2013 3:24 PM *To:* OpenStack Development Mailing List *Subject:* Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver ** ** Hi all, I'm the owner of this bp https://blueprints.launchpad.net/nova/+spec/qemu-guest-agent-support and Daniel Berrange gave me lots of help about implementing this bp, and the original idea of mine is the same as yours. So I think the opinion of Daniel will be very useful. 2013-09-25 -- Wangpan -- *发件人:*balaji patnala patnala...@gmail.com *发送时间:*2013-09-25 22:36 *主**题:*Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver *收件人:*OpenStack Development Mailing List openstack-dev@lists.openstack.org *抄送:* Hi Haomai, ** ** Thanks for your interest on this. ** ** The code check-ins done against the below bp are more specific to Qemu Guest Agent. ** ** https://blueprints.launchpad.net/nova/+spec/qemu-guest-agent-support ** ** ** ** Our requirement is to enable Virtio-Serial Interface to the applications running in VM. ** ** Do you have the same requirement? ** ** We will share the draft BP on this. ** ** ** ** Any comments on this approach will be helpful. ** ** Regards, Balaji.P ** ** On Tue, Sep 24, 2013 at 8:10 PM, Haomai Wang hao...@unitedstack.com wrote: On Sep 24, 2013, at 6:40 PM, P Balaji-B37839 b37...@freescale.com wrote: Hi, Virtio-Serial interface support for Nova - Libvirt is not available now. Some VMs who wants to access the Host may need like running qemu-guest-agent or any proprietary software want to use this mode of communication with Host. Qemu-GA uses virtio-serial communication. We want to propose a blue-print on this for IceHouse Release. Anybody interested on this. Great! We have common interest and I hope we can promote it for IceHouse. BTW, do you have a initial plan or description about it. And I think this bp may invoke. https://blueprints.launchpad.net/nova/+spec/qemu-guest-agent-support Regards, Balaji.P ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev Best regards, Haomai Wang, UnitedStack Inc. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ** ** ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Ravi ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
I got this working after I made guest to behave as serial device and host side program as unix socket based client. Now all set to collaborate the BP with the use case. Thanks, -Ravi. On Wed, Sep 25, 2013 at 8:09 AM, Ravi Chunduru ravi...@gmail.com wrote: I am working on this generic virtio-serial interface for appliances. To start with I experimented on existing Wangpan's added feature on hw_qemu_guest agent. I am preparing to propose a blueprint to modify it for generic use and open to collaborate. I could bring up VM with generic source path(say /tmp/appliance_port) and target name(appliance_port). But I see qemu listening on the unix socket in host as soon as I start the VM. If we want to have our server program on host listening, that should not happen. How do I overcome that? Thanks, -Ravi. On Wed, Sep 25, 2013 at 3:01 AM, P Balaji-B37839 b37...@freescale.comwrote: Hi Wangpan, Thanks for Information and suggestions. We want to have generic virtio-serial interface for Libvirt and applications can use this irrespective of Qemu Guest Agent in VM. As suggested, Daniel can throw some light on this and help us. Regards, Balaji.P ** ** ** ** ** ** *From:* Wangpan [mailto:hzwang...@corp.netease.com] *Sent:* Wednesday, September 25, 2013 3:24 PM *To:* OpenStack Development Mailing List *Subject:* Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver ** ** Hi all, I'm the owner of this bp https://blueprints.launchpad.net/nova/+spec/qemu-guest-agent-support and Daniel Berrange gave me lots of help about implementing this bp, and the original idea of mine is the same as yours. So I think the opinion of Daniel will be very useful. 2013-09-25 -- Wangpan -- *发件人:*balaji patnala patnala...@gmail.com *发送时间:*2013-09-25 22:36 *主**题:*Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver *收件人:*OpenStack Development Mailing List openstack-dev@lists.openstack.org *抄送:* Hi Haomai, ** ** Thanks for your interest on this. ** ** The code check-ins done against the below bp are more specific to Qemu Guest Agent. ** ** https://blueprints.launchpad.net/nova/+spec/qemu-guest-agent-support ** ** ** ** Our requirement is to enable Virtio-Serial Interface to the applications running in VM. ** ** Do you have the same requirement? ** ** We will share the draft BP on this. ** ** ** ** Any comments on this approach will be helpful. ** ** Regards, Balaji.P ** ** On Tue, Sep 24, 2013 at 8:10 PM, Haomai Wang hao...@unitedstack.com wrote: On Sep 24, 2013, at 6:40 PM, P Balaji-B37839 b37...@freescale.com wrote: Hi, Virtio-Serial interface support for Nova - Libvirt is not available now. Some VMs who wants to access the Host may need like running qemu-guest-agent or any proprietary software want to use this mode of communication with Host. Qemu-GA uses virtio-serial communication. We want to propose a blue-print on this for IceHouse Release. Anybody interested on this. Great! We have common interest and I hope we can promote it for IceHouse. BTW, do you have a initial plan or description about it. And I think this bp may invoke. https://blueprints.launchpad.net/nova/+spec/qemu-guest-agent-support Regards, Balaji.P ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev Best regards, Haomai Wang, UnitedStack Inc. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ** ** ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Ravi -- Ravi ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver
Hi Ravi, We did this as part of PoC few months back. Daniel can give us more comments on this as he is the lead for Libvirt support in Nova. Regards, Balaji.P From: Ravi Chunduru [mailto:ravi...@gmail.com] Sent: Thursday, September 26, 2013 12:35 AM To: OpenStack Development Mailing List Subject: Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver I got this working after I made guest to behave as serial device and host side program as unix socket based client. Now all set to collaborate the BP with the use case. Thanks, -Ravi. On Wed, Sep 25, 2013 at 8:09 AM, Ravi Chunduru ravi...@gmail.commailto:ravi...@gmail.com wrote: I am working on this generic virtio-serial interface for appliances. To start with I experimented on existing Wangpan's added feature on hw_qemu_guest agent. I am preparing to propose a blueprint to modify it for generic use and open to collaborate. I could bring up VM with generic source path(say /tmp/appliance_port) and target name(appliance_port). But I see qemu listening on the unix socket in host as soon as I start the VM. If we want to have our server program on host listening, that should not happen. How do I overcome that? Thanks, -Ravi. On Wed, Sep 25, 2013 at 3:01 AM, P Balaji-B37839 b37...@freescale.commailto:b37...@freescale.com wrote: Hi Wangpan, Thanks for Information and suggestions. We want to have generic virtio-serial interface for Libvirt and applications can use this irrespective of Qemu Guest Agent in VM. As suggested, Daniel can throw some light on this and help us. Regards, Balaji.P From: Wangpan [mailto:hzwang...@corp.netease.commailto:hzwang...@corp.netease.com] Sent: Wednesday, September 25, 2013 3:24 PM To: OpenStack Development Mailing List Subject: Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver Hi all, I'm the owner of this bp https://blueprints.launchpad.net/nova/+spec/qemu-guest-agent-support and Daniel Berrange gave me lots of help about implementing this bp, and the original idea of mine is the same as yours. So I think the opinion of Daniel will be very useful. 2013-09-25 Wangpan 发件人:balaji patnala patnala...@gmail.commailto:patnala...@gmail.com 发送时间:2013-09-25 22tel:2013-09-25%C2%A022:36 主题:Re: [openstack-dev] [Nova] [Libvirt] Virtio-Serial support for Nova libvirt driver 收件人:OpenStack Development Mailing Listopenstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org 抄送: Hi Haomai, Thanks for your interest on this. The code check-ins done against the below bp are more specific to Qemu Guest Agent. https://blueprints.launchpad.net/nova/+spec/qemu-guest-agent-support Our requirement is to enable Virtio-Serial Interface to the applications running in VM. Do you have the same requirement? We will share the draft BP on this. Any comments on this approach will be helpful. Regards, Balaji.P On Tue, Sep 24, 2013 at 8:10 PM, Haomai Wang hao...@unitedstack.commailto:hao...@unitedstack.com wrote: On Sep 24, 2013, at 6:40 PM, P Balaji-B37839 b37...@freescale.commailto:b37...@freescale.com wrote: Hi, Virtio-Serial interface support for Nova - Libvirt is not available now. Some VMs who wants to access the Host may need like running qemu-guest-agent or any proprietary software want to use this mode of communication with Host. Qemu-GA uses virtio-serial communication. We want to propose a blue-print on this for IceHouse Release. Anybody interested on this. Great! We have common interest and I hope we can promote it for IceHouse. BTW, do you have a initial plan or description about it. And I think this bp may invoke. https://blueprints.launchpad.net/nova/+spec/qemu-guest-agent-support Regards, Balaji.P ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev Best regards, Haomai Wang, UnitedStack Inc. ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Ravi -- Ravi ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev