[fedora-virt] customizing VMM on a per-user basis to use libguestfs?

Bill Davidsen davidsen at tmr.com
Fri Apr 24 20:23:53 UTC 2009


Daniel P. Berrange wrote:
> On Fri, Apr 24, 2009 at 12:00:13PM -0400, Bill Davidsen wrote:
>   
>> Daniel P. Berrange wrote:
>>     
>>> There are two classes of libvirt driver connection
>>>
>>> - Privileged, per-host connections
>>> - Unprivileged, per-user connections
>>>
>>>
>>> Xen provides a per-host connection. UserModeLinux and QEMU provide 
>>> both (qemu:///system and qemu:///session). VirtualBox just proivides
>>> a per-user instance (vbox:///session) and so on.
>>>
>>> Now by default in Fedora, when connecting to QEMU, virt-manager will
>>> use the privileged per-host connection, so VMs end up in the system
>>> directory /var/lib/libvirt/images.
>>>
>>> Our goal (perhaps for F12) should be for local desktop virt use
>>> cases to use the unprivileged  QEMU connection qemu://session
>>> by default, and have VM disk images stored in your home directory
>>>  
>>>       
>> I'm not sure that home directory is where people would want images, I 
>> suspect that an arbitrary location would be far more flexible. Using KVM 
>> without a VMM, I can put images in someplace obvious, like 
>> $HOME/virtual/Images (with install ISO images in ~/virtual/ISO) so my 
>> virtual machines are not co-mingled with other things. My system stuff 
>> is in /mnt/virtual/Images and people use it by using qemu-img to make a 
>> local qcow2 images for their personal machines (including test config, 
>> obviously).
>>     
>
> I hinted earlier, but there are 2 core use cases too
>
>  - Local desktop virtualization. eg developers / Vmware workstation use case
>  - Server virtualization
>
> Thes respectively map onto the 2 types of libvirt connection I talk about
> above
>
>  - Unprivileged, per-user connections
>  - Privileged, per-host connections
>
> Now, when I then talk about directories, we're only talking about
> the 'default' out of the box config, which respectively will be
> something like
>
>  - $HOME/VirtualImages
>  - /var/lib/libvirt/images
>
> Libvirt (and virt-manager) has extensive storage management APIs now,
> and can easily deal with alternative locations for storing images.
> So if these default ones aren't suitable, then it'll be perectly
> fine to tell virt-manager all images should live in /mnt/virtual/Images
> instead.
>
>   
No, those look like fine default choices, and as you note below labeling 
can now be automated to solve problems like this before they happen. I'm 
sadly aware of labeling problems, since I run a fair number of off-label 
programs I have to setup myself.

Sounds as if the problem is addresses, thanks.
>> Questions:
>> - did I make clear why some flexibility is desirable?
>>     
>
> We've nothing against flexibility - we're really just considering the
> default out of the box config. 
>
>   
>> - is there any technical reason not to make this an arbitrary path?
>>     
>
> Historically SELinux has wanted images in particular locations. With
> the introduction of SVirt in libvirt, we have much more advanced
> SELinux integration and will in fact automatically re-label images
> to match the needs of a VM. So allowing arbitary locations *and*
> still being in compliance with SELinux policy is now practical
>
> Daniel
>   


-- 
bill davidsen <davidsen at tmr.com>
  CTO TMR Associates, Inc

"You are disgraced professional losers. And by the way, give us our money back."
    - Representative Earl Pomeroy,  Democrat of North Dakota
on the A.I.G. executives who were paid bonuses  after a federal bailout.





More information about the Fedora-virt mailing list