[fedora-virt] customizing VMM on a per-user basis to use libguestfs?
davidsen at tmr.com
Fri Apr 24 20:23:53 UTC 2009
Daniel P. Berrange wrote:
> On Fri, Apr 24, 2009 at 12:00:13PM -0400, Bill Davidsen wrote:
>> Daniel P. Berrange wrote:
>>> There are two classes of libvirt driver connection
>>> - Privileged, per-host connections
>>> - Unprivileged, per-user connections
>>> Xen provides a per-host connection. UserModeLinux and QEMU provide
>>> both (qemu:///system and qemu:///session). VirtualBox just proivides
>>> a per-user instance (vbox:///session) and so on.
>>> Now by default in Fedora, when connecting to QEMU, virt-manager will
>>> use the privileged per-host connection, so VMs end up in the system
>>> directory /var/lib/libvirt/images.
>>> Our goal (perhaps for F12) should be for local desktop virt use
>>> cases to use the unprivileged QEMU connection qemu://session
>>> by default, and have VM disk images stored in your home directory
>> I'm not sure that home directory is where people would want images, I
>> suspect that an arbitrary location would be far more flexible. Using KVM
>> without a VMM, I can put images in someplace obvious, like
>> $HOME/virtual/Images (with install ISO images in ~/virtual/ISO) so my
>> virtual machines are not co-mingled with other things. My system stuff
>> is in /mnt/virtual/Images and people use it by using qemu-img to make a
>> local qcow2 images for their personal machines (including test config,
> I hinted earlier, but there are 2 core use cases too
> - Local desktop virtualization. eg developers / Vmware workstation use case
> - Server virtualization
> Thes respectively map onto the 2 types of libvirt connection I talk about
> - Unprivileged, per-user connections
> - Privileged, per-host connections
> Now, when I then talk about directories, we're only talking about
> the 'default' out of the box config, which respectively will be
> something like
> - $HOME/VirtualImages
> - /var/lib/libvirt/images
> Libvirt (and virt-manager) has extensive storage management APIs now,
> and can easily deal with alternative locations for storing images.
> So if these default ones aren't suitable, then it'll be perectly
> fine to tell virt-manager all images should live in /mnt/virtual/Images
No, those look like fine default choices, and as you note below labeling
can now be automated to solve problems like this before they happen. I'm
sadly aware of labeling problems, since I run a fair number of off-label
programs I have to setup myself.
Sounds as if the problem is addresses, thanks.
>> - did I make clear why some flexibility is desirable?
> We've nothing against flexibility - we're really just considering the
> default out of the box config.
>> - is there any technical reason not to make this an arbitrary path?
> Historically SELinux has wanted images in particular locations. With
> the introduction of SVirt in libvirt, we have much more advanced
> SELinux integration and will in fact automatically re-label images
> to match the needs of a VM. So allowing arbitary locations *and*
> still being in compliance with SELinux policy is now practical
bill davidsen <davidsen at tmr.com>
CTO TMR Associates, Inc
"You are disgraced professional losers. And by the way, give us our money back."
- Representative Earl Pomeroy, Democrat of North Dakota
on the A.I.G. executives who were paid bonuses after a federal bailout.
More information about the Fedora-virt