[Libvir] [RFC] Add Container support to libvirt

Dave Leskovec dlesko at linux.vnet.ibm.com
Fri Dec 28 08:34:14 UTC 2007


Greetings,

I'd like to extend libvirt to support Containers.  As libvirt already 
supports Xen, KVM, QEMU and OpenVZ, I think it would be valuable to be 
able to utilize existing utilities to manage containers.

I've spent some time looking through the libvirt api and how this 
Container support will fit.  Based on the XML format section of the 
libvirt website and some list discussions I put together the following 
proposed XML format:

<domain type='linuxcontainer'>
    <name>Container123</name>
    <uuid>8dfd44b31e76d8d335150a2d98211ea0</uuid>
    <container>
        <filesystem>
            <mount>/etc = /home/user/lxc_files/etc</mount>
            <mount>/var = /home/user/lxc_files/var</mount>
        </filesystem>
        <application>dbserver</application>
        <network hostname='browndog'>
            <ip address="192.168.1.110" netmask="255.255.255.0">
                <gateway address="192.168.1.1"/>
                <nameserver>192.168.1.1</nameserver>
            </ip>
        </network>
        <cpushare>40</cpushare>
        <memory>65536</memory>
    </container>
    <devices>
        <console tty='/dev/pts/4' />
    </devices>
</domain>

The clone() function is used with the CLONE_NEWPID and CLONE_NEWNS flags 
to start a new process within its own process name space. The only 
processes visible to it will be itself and any processes that it 
spawns.  The process that clone creates will start out preparing the 
container environment.  This involves setting up any network interface, 
setting up the file system by performing any requested mounts, mounting 
/proc, setting up a tty device, populating /dev as necessary, and 
performing any other necessary initializations.  It will then start the 
application(s) requested by the user.  The executables started within 
the container could be an application or script or possibly /sbin/init.  
The mounts that the user specifies will need to be populated with the 
appropriate contents for whatever applications they are going to run 
within the container.  cgroup will be used for isolation and association 
with controllers for cpu and memory resources.

I'm planning to start in on defining a container.  All comments and 
questions are welcome.

Best Regards,
Dave Leskovec
IBM Linux Technology Center
Open Virtualization
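
The clone() step described in the message above, as an added example that is not part of the original post and is not libvirt code. It assumes Linux with PID and mount namespace support and a caller holding CAP_SYS_ADMIN; container_init and run_in_new_namespaces are hypothetical names chosen for illustration.

```c
#define _GNU_SOURCE            /* exposes clone() and the CLONE_* flags */
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef CLONE_NEWPID           /* fallback if _GNU_SOURCE took effect too late */
#define CLONE_NEWNS  0x00020000
#define CLONE_NEWPID 0x20000000
int clone(int (*fn)(void *), void *stack, int flags, void *arg, ...);
#endif

#define STACK_SIZE (1024 * 1024)

/* Child entry point (hypothetical name); runs inside the new namespaces. */
static int container_init(void *arg)
{
    (void)arg;
    /* Stop mount events from propagating back to the host namespace. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0)
        return 100;
    /* Fresh /proc, so it lists only this PID namespace's processes. */
    if (mount("proc", "/proc", "proc", MS_NOSUID | MS_NODEV | MS_NOEXEC, NULL) != 0)
        return 101;
    return getpid() == 1 ? 0 : 102;   /* first process in the namespace is PID 1 */
}

/* Returns 0 when the child saw itself as PID 1 behind a private /proc,
 * -errno when clone() was refused (-EPERM without CAP_SYS_ADMIN),
 * or the child's failure code (100, 101, 102; 103 = killed by a signal). */
int run_in_new_namespaces(void)
{
    char *stack = malloc(STACK_SIZE);
    if (stack == NULL) return -ENOMEM;
    /* Pass the top of the buffer: the child's stack grows downward. */
    pid_t pid = clone(container_init, stack + STACK_SIZE,
                      CLONE_NEWPID | CLONE_NEWNS | SIGCHLD, NULL);
    int result = -errno, status = 0;
    if (pid != -1)
        result = waitpid(pid, &status, 0) == -1 ? -errno
               : WIFEXITED(status) ? WEXITSTATUS(status) : 103;
    free(stack);
    return result;
}

int main(void) { printf("result: %d\n", run_in_new_namespaces()); return 0; }
```

Making the root mount private before mounting /proc is what keeps the container's mounts from showing up on the host when the host uses shared mount propagation.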



