libvirt 0.7.7 and Lucid

Jamie Strandboge jamie at canonical.com
Thu Mar 25 20:09:52 UTC 2010 

Hi,

For some work[1] I am doing, I did a merge of 0.7.7-4 from Debian
unstable for Lucid and made it available in my PPA[2] (though it hasn't
built yet-- people can grab the source and build it locally if desired).
This package may be worth considering for Lucid, since there are many
bug fixes and few new features in 0.7.6 and 0.7.7[3] (Lucid currently
has 0.7.5).

My testing with QRT[4], manually and the internal test suite (enabled by
default in the build) shows that 0.7.7 is quite solid, though it does a
couple of things differently:

1. the setmem, setmaxmem and setvcpus virsh commands are for hotplugging
memory and vcpus only. This was always the intent of these commands, but
libvirt did not enforce it. Now it does and qemu-kvm doesn't seem to
support hotplugging of memory and vcpus (at least with how libvirt
interfaces with it). In practice, this probably won't affect many users
as the recommended method has always been to use 'virsh define' and
restart the guest. virt-manager appears to use 'virsh define' for
setmaxmem, I don't know how eucalyptus deals with this.

2. upstream decided to make setmaxmem go away entirely, and 0.7.7's
implementation of setmaxmem is in the middle of this transition and
doesn't seem to work at all. 'virsh define' still does though. I'm also
not sure if this is a bug or new design, but while you can define a VM
with different <memory> and <currentMemory>, when you start the VM,
<memory> is always allocated for the VM and <currentMemory> is ignored.

3. libvirt seems to try to guard against hypervisor issues regarding
detach-device and detach-disk. Specifically, these can be hot-plugged,
but not hot-unplugged (libvirt claims the qemu-kvm hypervisor doesn't
support detach of these):
    <disk type='block' device='disk'>
      <driver name='phy'/>
      <source dev='...path.../device_disk.img'/>
      <target dev='sdb' bus='scsi'/>
      <alias name='scsi0-0-1'/>
      <address type='drive' controller='0' bus='0' unit='1'/>
    </disk>

    <disk type='file' device='disk'>
      <driver name='file'/>
      <source file='...path.../device_disk.img'/>
      <target dev='sdc' bus='scsi'/>
      <alias name='scsi0-0-2'/>
      <address type='drive' controller='0' bus='0' unit='2'/>
    </disk>

In 0.7.5, libvirt would try to detach these devices via the hypervisor,
but in 0.7.7 it gives only a clear error message to the user. These QRT
tests were built around upstream eucalyptus functionality, so this needs
careful testing. Attaching and detaching virtio disks works fine in my
testing.

4. libvirt chown's the disk files to root:root for people using
qemu:///system. I don't know why it is doing this, but it is likely
related to upstream changes (and assumptions) made for the DAC security
driver. This seems like someone will need to at least investigate if not
patch.


Beyond the above, preliminary testing indicates that 0.7.7 is quite
solid. I would like to see this go into Lucid, since my apparmor work
will be based on this and I'd rather not have to backport my work to
0.7.5. That said, I don't have the time to perform all the testing
required, so if a commitment to testing resources can't be made for
0.7.7 by the server team and QA, then I recommend sticking with 0.7.5.

[1]https://blueprints.launchpad.net/ubuntu/+spec/security-lucid-libvirt-apparmor-devel
[2]https://launchpad.net/~jdstrand/+archive/ppa?field.series_filter=lucid
[3]http://libvirt.org/news.html
[4]https://code.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master

-- 
Jamie Strandboge             | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20100325/5447e63b/attachment.pgp>

More information about the ubuntu-server mailing list