[libvirt] [Qemu-devel] Re: Libvirt debug API

Anthony Liguori anthony at codemonkey.ws
Mon Apr 26 14:26:55 UTC 2010


On 04/26/2010 08:58 AM, Daniel P. Berrange wrote:
> On Mon, Apr 26, 2010 at 08:46:46AM -0500, Anthony Liguori wrote:
>    
>> On 04/26/2010 08:41 AM, Avi Kivity wrote:
>>
>>      
>>>> (3) The system management application can certainly create whatever
>>>> context it wants to launch a vm from.  It's comes down to who's
>>>> responsible for creating the context the guest runs under.  I think
>>>> doing that at the libvirt level takes away a ton of flexibility from
>>>> the management application.
>>>>          
>>> If you want to push the flexibility slider all the way to the right
>>> you get bare qemu.  It exposes 100% of qemu capabilities.  And it's
>>> not so bad these days.  But it's not something that can be remoted.
>>>        
>> As I mentioned earlier, remoting is not a very important use-case to me.
>>      
> NB, the "remote" protocol is no different from the "local" protocol
> the unprivileged app uses to talk to the privileged daemon. The only
> difference is unix sockets vs tcp sockets. We essentially get the
> remote access capability for free as part of the protocol used between
> the apps&  daemon.
>    

I think Avi's concern is that if you expose direct launch, then that's 
not really something you can usefully exploit in a remote protocol.

For instance, if you're local, you can call setuid() before invoking the 
launch API whereas if you're remote, you will always launch guests as 
the context of the remoting daemon.

This makes the remote API second-class in terms of functionality.

Regards,

Anthony Liguori

>    
>> Does RHEV-M actually use the remote libvirt interface?  I assume it'll
>> talk to vdsm via some protocol and vdsm will use the local libvirt API.
>>      
> That is correct. That doesn't mean the remote interface isn't useful.
>
>    
>> I suspect most uses of libvirt are actually local uses.
>>      
> A key part of libvirt is interoperability between applications. So an app
> like vsdm can be using libvirt locally, while at the same time virt-top
> can be monitoring guests on a set of machines remotely, or virt-viewer can
> be run from your desktop talking to libvirt remotely to discover the VNC
> console details. For flexibility there are several options for remotely
> managing VMs. The native remote RPC system. The libvirt QPid/QMF model.
> The CIM binding. Application specific remote protocols. Since they all
> eventually talk to the same libvirtd daemon, their use is not mutually
> exclusive which is a good thing.
>
> Daniel
>    




More information about the libvir-list mailing list