[Libvir] Virtual networking

Daniel P. Berrange berrange at redhat.com
Tue Jan 16 21:54:49 UTC 2007 

On Tue, Jan 16, 2007 at 04:19:37PM -0500, Aron Griffis wrote:
> Daniel P. Berrange wrote:  [Tue Jan 16 2007, 10:57:03AM EST]
> > 2. The way I was always anticipating remote use of libvirt to work. The
> >    app uses libvirt locally which opens a connection to the remote machine
> >    using whatever remote management protocol is relevant for the hypervisor
> >    in question. eg, HTTP/XML-RPC for Xen, or the TLS secured binary format
> >    for the prototype QEMU backend.
> > 
> >    http://people.redhat.com/berrange/libvirt/libvirt-arch-remote-1.png
> 
> So this works to manage a remote host that might not have libvirt
> installed...

Provided the host in question provided a secure remote management system.
Until Xen-API is supported, even Xen doesn't have a useful remote management
system since its currents APIs have zero auth. Other non-Xen virt produces
don't have any remote management.

> 
> > 3. The way I think you re suggesting - a libvirt server on every remote
> >    host which calls into the regular libvirt internal driver model to
> >    proxy remote calls. So even if the hypervisor in question provides a
> >    remote network management API, we will always use the local API and
> >    do *all* remote networking via the libvirt server
> > 
> >    http://people.redhat.com/berrange/libvirt/libvirt-arch-remote-2.png
> 
> ...and this requires each managed host to have libvirt(d).
> 
> This is considered a reasonable requirement?

Personally it doesn't worry me too much - by all means though, I'm open to 
arguments against it too.....

The way I currently look at the problem, needing to deploy a small C based
management daemon (merely linked to an SSL library for secure comms) isn't 
very onerous in comparison to the enourmous pile of python code Xen already 
requires. For non-Xen backends we'll definitely need a daemon of some form,
since QEMU / KVM / UML / etc don't have any management daemon at all. For 
administrators there's a certain benefit to only having to worry about 
opening up one daemon to the public network regardless of which virt system
in use.

But then maybe we actually need to support both remote management models ? 

Would a requirement for a libvirtd be a problem for your use cases ?

Regards,
Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=|

More information about the libvir-list mailing list