[libvirt] [RFC] Image Fleecing for Libvirt (BZ 955734, 905125)

Eric Blake eblake at redhat.com
Wed Jul 24 03:40:56 UTC 2013 

[replying with useful information from another off-list email]

On 07/15/2013 03:04 PM, Richard W.M. Jones wrote:
> On Mon, Jul 15, 2013 at 05:57:12PM +0800, Fam Zheng wrote:
>> Hi all,
>>
>> QEMU-KVM BZ 955734, and libvirt BZ 905125 are about feature "Read-only
>> point-in-time throwaway snapshot". The development is ongoing on
>> upstream, which implements the core functionality by QMP command
>> drive-backup. I want to demonstrate the HMP/QMP commands here for image
>> fleecing tasks (again) and make sure this interface looks ready and
>> satisfying from Libvirt point of view.
>>


On 07/15/2013 06:24 AM, Paolo Bonzini wrote:> Il 15/07/2013 11:57, Fam
Zheng ha scritto:
>> Hi all,
>>
>> QEMU-KVM BZ 955734, and libvirt BZ 905125 are about feature "Read-only
>> point-in-time throwaway snapshot". The development is ongoing on
>> upstream, which implements the core functionality by QMP command
>> drive-backup. I want to demonstrate the HMP/QMP commands here for image
>> fleecing tasks (again) and make sure this interface looks ready and
>> satisfying from Libvirt point of view.
>
> And since we are at it, here is a possible libvirt API to expose this
> functionality (cut-and-paste from an old email).  If needed, VDSM can
> provide a similar API and proxy the libvirt API.
>
> Would something like this work?
>
> int        virDomainBlockPeekStart        (virDomainPtr dom,
>                                  const char ** disks,
>                                  unsigned int flags);
>
>         Make it possible to use virDomainBlockPeek on the given disks
>         with the new VIR_DOMAIN_BLOCK_PEEK_IMAGE flag.
>
>         It is okay to create multiple "snapshot groups", i.e. to invoke
>         the function multiple times with VIR_DOMAIN_BLOCK_PEEK_SNAPSHOT.
>         It is however not okay to specify the same disk multiple times
>         unless all of them are _without_ VIR_DOMAIN_BLOCK_PEEK_SNAPSHOT.
>
>         flags:
>         VIR_DOMAIN_BLOCK_PEEK_SNAPSHOT
>         Make an atomic point-in-time snapshot of all the disks included
>         in the list of strings "disks", and expose the snapshot via
>         virDomainBlockPeek
>
>         Note: if the virtual machine is running, this will use
>         nbd-server-start/add/end.  If the virtual machine is paused,
>         this will use qemu-nbd.  Libvirt should be able to switch
>         transparently from one method to the other.
>
> int        virDomainBlockPeekStop (virDomainPtr dom);
>
>         Stop communication with qemu-nbd or the hypervisor.
>
>
> VIR_DOMAIN_BLOCK_PEEK_IMAGE
>
>         A new flag for virDomainBlockPeek.  If specified,
>         virDomainBlockPeek will access the disk image, not the "raw"
>         file (i.e. it will read data as seen by the guest).  This
>         is only valid if virDomainBlockPeekStart has been called before
>         for this disk.
>
>
> Because libvirt would use a local (Unix) socket to communicate with QEMU
> and pass the file descriptor, there is no need to authenticate the NBD
> connection.  There is no need for ticketing, though if necessary we can
> make QEMU only accept connections from libvirtd's pid.  libvirt and VDSM
> already do authentication and/or encryption.
>
> Paolo
>
>

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130723/e079659f/attachment-0001.sig>

More information about the libvir-list mailing list