[Libvir] Preliminary patch to support remote driver / libvirtd

Richard W.M. Jones rjones at redhat.com
Tue Jan 30 17:42:21 UTC 2007


This patch is just for discussion.  It's not in a state to be applied, 
even if it were accepted (which is a long-shot at present anyway).

When looking at the patch, a good starting point is to search for 
"Architecture and notes" and read from there.

Supports:

  * remote driver (just does the "open", "close", "type" and
    "version" calls at present as a proof of concept)
  * TLS transport (built using GnuTLS)
  * SSH transport (forks external ssh process)
  * TCP transport (unencrypted - just for testing)
  * Unix domain socket transport
  * arbitrary external program / shell script transport
  * IPv6-ready on client & server

I've tested all the transports, and in limited tests they all
seem to work.  i.e. you really can do:

   virsh -c remote:tls:server version

Shortcomings in this version:

  * in "open" call, name must be non-NULL (this is just a bug)
  * doesn't actually invoke libvirt on the server side; just
    prints out messages and returns dummy values
  * "ssh" not recognised as a service name by getaddrinfo, so
    you must always give a port number, i.e. remote:ssh:server:22
  * /tmp/socket should be cleaned up when the server exits

Potential problems:

  * SunRPC is stateless so we need to hand out a cookie to
    represent the virConnectPtr handle on the server side.
    However if the client dies without explicitly calling
    close, we have no way to know, and so the cookie/handle
    on the server side lives forever.

  * There's some confusion about the level of abstraction.  At
    the moment I'm abstracting at the driver level, but that may
    be wrong and possibly I should be abstracting at the level
    of vir* calls.  On the other hand, there's not a huge amount
    of difference.

  * Security:
      Is it safe for libvirt to be connecting to arbitrary TCP
      sockets?
      Is it safe for libvirt to be able to run arbitrary programs?

Rich.

-- 
Emerging Technologies, Red Hat  http://et.redhat.com/~rjones/
64 Baker Street, London, W1U 7DF     Mobile: +44 7866 314 421
  "[Negative numbers] darken the very whole doctrines of the equations
  and make dark of the things which are in their nature excessively
  obvious and simple" (Francis Maseres FRS, mathematician, 1759)
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20070130/00a83bd8/attachment-0001.ksh>
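
The cookie lifetime problem listed under "Potential problems", as an added example that is not part of the patch or of the original message: a server-side table that maps unguessable cookies to connection handles and reclaims entries whose client has been idle past a lease. The names cookie_open, cookie_lookup and cookie_reap, the table size and the 300-second IDLE_LIMIT are hypothetical; the caller passes in the current time.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#define MAX_CONNS  64
#define IDLE_LIMIT 300              /* assumed lease length, in seconds */

struct slot { uint64_t cookie; void *conn; time_t last_used; };
static struct slot table[MAX_CONNS]; /* cookie == 0 marks a free slot */

/* Unguessable cookie from the kernel CSPRNG; returns 0 on failure. */
static uint64_t new_cookie(void) {
    uint64_t c = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f) { if (fread(&c, sizeof c, 1, f) != 1) c = 0; fclose(f); }
    return c;
}

/* "open": remember the server-side handle and hand the client a cookie. */
uint64_t cookie_open(void *conn, time_t now) {
    uint64_t c = new_cookie();
    for (int i = 0; c != 0 && i < MAX_CONNS; i++)
        if (table[i].cookie == 0) {
            table[i] = (struct slot){ c, conn, now };
            return c;
        }
    return 0;                       /* no entropy or table full */
}

/* Any later call: resolve the cookie and renew its lease. */
void *cookie_lookup(uint64_t cookie, time_t now) {
    for (int i = 0; cookie != 0 && i < MAX_CONNS; i++)
        if (table[i].cookie == cookie) {
            if (now - table[i].last_used > IDLE_LIMIT) return NULL;
            table[i].last_used = now;
            return table[i].conn;
        }
    return NULL;                    /* unknown or expired cookie */
}

/* Periodic sweep: reclaim handles whose client never called "close". */
int cookie_reap(time_t now, void (*release)(void *)) {
    int n = 0;
    for (int i = 0; i < MAX_CONNS; i++)
        if (table[i].cookie != 0 && now - table[i].last_used > IDLE_LIMIT) {
            if (release) release(table[i].conn); /* close the real handle */
            table[i].cookie = 0; n++;
        }
    return n;
}
```

With a lease, a client that stays silent longer than IDLE_LIMIT has to call "open" again, so the limit trades leaked handles against forced reconnects.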

