[libvirt] new openvz driver (bossonvz)

Bosson VZ bossonvz at bosson.eu
Tue Jul 1 14:50:20 UTC 2014

Hello Daniel,

I have started working on Bossonvz slightly more than a year ago. As far as I remember, back then I wanted to base my work on top of the existing Openvz libvirt driver but I was dissappointed by the state of the driver. Our goal was to have a driver that supports online migration and mount points management and after toying with the openvz driver for a while we have decided to start from the scratch. Personaly, I also do not like the idea of domain management by just calling the vz tools binaries and relying on parsing of the resulting outputs.

The API stability is a very good question. Of course, to circumvent the vz tools and touching the kernel we had to accept the fact that the kernel API might change in the future. And it will most definitely do. This is not based on any formal proclamation in any way but it is true that in a past year I did not have to change my code because of some incompatibility in the vzkernel API (and I have tested the code with various vz kernels ranging from 042stab068.8 to 042stab084.26). At the moment, since the vz tools are the only user of the API, the vz developers can pretty much do whatever they like with the kernel API. I believe it could be benefitial also to them to have another user of their API.

The implementations (vztools and bossonvz) are independent but they share the same kernel. This means that if I start a bossonvz domain, I can use vzlist and I will see the appropriate container. The opposite does not work that way because bossonvz is a stateful driver. So if I start a container by using vzctl, I will not see anything with virsh list. But I would not be able to start a domain with the same veid; libvirt won't let me do that because the kernel API call fails.

By default, bossonvz also does not touch any vz tools config files (mainly veid.conf), so various vz tools that rely on the existence of the veid.conf for a running container (vzctl enter) will refuse to co-operate. This is solved by the bossonvz hook which can create stub veid.conf files to silence vzctl. After that, it is no problem to access the domain with vzctl enter (we use it regularly since entering the domain with virsh is not implemented yet). To sum up, the implementations influence one another to some extent but neither is necessary for the other and both can run simultaneuosly side-by-side.

One of the goals we would like to reach is to have a uniform management interface for our clients. It means that the virtualization technology (openvz, qemu/kvm) should be abstracted away as much as possible. And because all qemu/libvirt management tools allow the user to see the "screen", we wanted the same for bossonvz.

The implementation is located in bossonvz_vnc_* files. It is a stand-alone binary that is started as a separate process on the domain's startup by a domain controller (similar to the LXC domain controller). The VNC server binary opens up a tty device in the container via a vzkernel API call but instead of passing the IO through to the host pty device (like the LXC does), it actually intercepts the terminal sequences and renderes them to a memory frame-buffer (all in user-space). On top of that sits a custom VNC server implementation that serves the updated chunks to VNC clients. Everything is done in user-space, no modifications to the upstream vzkernel are necessary. The code heavily uses the libvirt util functions as well as uthash and some functions from libcrypto. 

Since the VNC server runs on the host, it is invisible to the user in the container. If for some reason the VNC server crashes, the domain controller can start it again without influencing the state of the domain itself. During migration (or a suspend/resume cycle), the state of the server is serialized to a file and stored on the domain's root partition. From there, it is deserialized and loaded when the domain is resumed.

Since there is no dependency on the vzkernel API in the VNC server (apart from opening the tty device), there shall be no problem to use the code in the LXC driver.

As far as the maintanence is concerned: Our bussinnes is centered around OpenVZ and Qemu/kvm technologies. Primarly, we are prepared to provide a long-term support of the bossonvz driver for every RedHat libvirt release and every stable vzkernel release because we use the driver already in production on RedHat based distros. Had the driver be accepted to the libvirt master with all the features that we need in the company, we are ready to provide support there as well.

You are correct that LXC and OpenVZ cover the same thing, container virtualization. However, until LXC offers the same level of features as OpenVZ provides, we will use our bossonvz driver in the company.

David Fabian
Cluster Design, s.r.o.

Dne Po 30. června 2014 10:31:26, Daniel P. Berrange napsal(a):
> On Fri, Jun 27, 2014 at 03:16:51PM +0200, Bosson VZ wrote:
> > Hello,
> > 
> > in the company I work for, we use openvz and qemu/kvm on our clusters
> > side-by-side. To manage our domains, we used libvirt/qemu for qemu/kvm
> > domains and vz tools for openvz domains in the past. This was very
> > inconvinient since the management differed in many ways. So we have
> > decided to unify our management and use libvirt exclusively. Since the
> > openvz driver already included in libvirt lacks features that need, we
> > have implemented a new libvirt backend driver for openvz called the
> > bossonvz driver.
> Are there any particular reasons why you were unable to extend the
> existing openvz driver to do what you needed ? I know openvz driver
> has been mostly unmaintained and its code isn't too pleasant, but
> it'd still be nice to know what show-stopper problems you saw with
> using it as a base for more work.
> > Unlike the openvz driver, bossonvz is a complete, feature-rich stateful
> > libvirt driver. It uses the libvirt driver API exclusively and
> > communicates with the kernel directly, much like the LXC driver. The
> > code is hugely inspired by the LXC driver and the Qemu driver, but adds
> > a bit of functionality to the libvirt core too. More details and the
> > source code can be found at
> > 
> > http://bossonvz.bosson.eu/
> > 
> > The driver is completely independent of vz tools, it needs only a
> > running vz kernel.
> That's very interesting. Do you know if there is any statement of
> support for the OpenVZ kernel <-> userspace API. I know the mainline
> kernel aims to maintain userspace API compatibility, but are all the
> custom additions that the OpenVZ fork has maintained in a compatible
> manner as OpenVZ provides new versions ?
> eg is there any significant risk that when a new OpenVZ release
> comes out, kernel changes might break this new driver, or are they
> careful to maintain compat for the mgmt layer ?
> Also is there interoperability between this driver and the openvz
> tools. eg if openvz tools launch a guest, can it be seen and managed
> by this driver, and vica-verca ? Or are they completely separate
> views and non-interacting ?
> >                    One of the things, we are most proud of, is the
> > possibility to access the domain's tty via VNC (hurray to uniform
> > management web interfaces).
> That's nice - care to elaborate on the technical architecture
> of this ? Presumably when you say 'tty' you mean the VNC is just
> a frontend to the text-mode console, it isn't providing any kind
> of virtualized graphical framebuffer.   Is this VNC support you
> have part of the libvirt patches, or a standalone component that
> just interacts with it ?
> Basically I'm wondering whether this VNC support is something we
> can leverage in the LXC driver too ?
> > Since the code was developed in-house (primarily for internal
> > purposes), it is based on an older libvirt release (1.1.2). There
> > are also some modifications to the libvirt core (virCommand) and
> > the domain file (mount options syntax) which might need some
> > redesign.
> > 
> > At the moment I would like to get some feedback on the driver. In
> > the future, I would like to see the driver merged upstream, and
> > am prepared to do the work but I need to know if there is any
> > interest in doing so.
> As you've probably already figured out, we generally welcome support for
> new virtualization drivers. The two big questions to me are
>  - Are you able to provide ongoing maintaince and development of
>    this driver for the future ? We're already suffering from a lack
>    of people able to maintain the existing openvz driver and the
>    related parallels isn't too active either. Basically we'd like
>    to see a commitment to be an active  maintainer of the code.
>  - What do you see as the long term future of the driver ? I've
>    already asked whether there's any risk from future OpenVZ releases
>    potentially breaking things. Historically the idea with the kernel's
>    namespace support was that the OpenVZ forked kernel would be able
>    to go away. IIUC, the openvz userspace can already run on top of a
>    plain mainline kernel, albeit with reduced features compared to when
>    it runs on openvz kernel fork.  If we assume the trend of merging
>    OpenVZ features into mainline continues, we might get to a point
>    where OpenVZ kernel fork no longer exists. At that point I wonder
>    what would be the compelling differences between BossonVZ and the
>    LXC driver ?  ie why would we benefit from 2 container drivers for
>    the same kernel functionality.
> Regards,
> Daniel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20140701/9b82bc93/attachment-0001.htm>

More information about the libvir-list mailing list