[libvirt] [PATCH v2] storage: vz storage pool support
Olga Krishtal
okrishtal at virtuozzo.com
Thu Dec 8 17:32:44 UTC 2016
On 08/12/16 19:39, Olga Krishtal wrote:
> Hi all, I see here a lot of discussions and explanations about
> virtuozzo storage. So, I will just add some information.
> Initially I have planned, that admin or user has properly configured
> vstorage somewhere over the
> network. (It can be done via DNS records or zeroconf.) At the host
> where pool will be stored
> user/admin do cluster discovery and authorization. As Maxim has
> mentioned before - vstorage
> does not use the concept of users and groups, providing specific users
> and groups with access to specific parts of a cluster.
> So, anyone authorized to access a cluster can access all its data.
> However, you can use additional parameters
> during mounting to define mount owner usr name, group name and acecss
> mode (so, you can mount cluster as read-only)
Mistake, performing chown/chmod and etc does nothing.
> This means that performing chown/chmod and etc - will have same effect
> as in nfs case.
> Of course to perform this operations you need vstorage-client to be
> installed on the host.
>
>
> On 08/12/16 16:47, Maxim Nestratov wrote:
>> 08-Dec-16 15:17, John Ferlan пишет:
>>
>>>
>>> On 12/08/2016 04:19 AM, Maxim Nestratov wrote:
>>>> 08-Dec-16 02:22, John Ferlan пишет:
>>>>
>>>>> [...]
>>>>>
>>>>>>> I see what you mean; however, IMO vstorage should be separate.
>>>>>>> Maybe
>>>>>>> there's another opinion out there, but since you're requiring
>>>>>>> "something" else to be installed in order to get the WITH_VSTORAGE
>>>>>>> to be
>>>>>>> set to 1, then a separate file is in order.
>>>>>>>
>>>>>>> Not sure they're comparable, but zfs has its own. Having separated
>>>>>>> vstorage reduces the chance that some day some incompatible
>>>>>>> logic is
>>>>>>> added/altered in the *fs.c (or vice versa).
>>>>>> Ok. I will try.
>>>>>>
>>>>>>> I think you should consider the *_fs.c code to be the "default" of
>>>>>>> sorts. That is default file/dir structure with netfs added in. The
>>>>>>> vstorage may just be some file system, but it's not something
>>>>>>> (yet) on
>>>>>>> "every" distribution.
>>>>>> I did not understand actually, what you mean "be the "default" of
>>>>>> sorts."
>>>>>> As I have understood - what I need to do is to create
>>>>>> backend_vstorage.c
>>>>>> with all create/delete/* functionality.
>>>>>>
>>>>> Sorry - I was trying to think of a better way to explain... The
>>>>> 'fs' and
>>>>> 'nfs' pool are default of sorts because one can "ls" (on
>>>>> UNIX/Linux) or
>>>>> "dir" (on Windows) and get a list of files.
>>>>>
>>>>> "ls" and "dir" are inherent to the OS, while in this case vstorage
>>>>> commands are installed separately.
>>>> Once you mounted your vstorage cluster to a local filesystem you can
>>>> also "ls" it. Thus, I can't see much difference from nfs here.
>>>>
>>> So if it's more like NFS, then how does one ensure that the local
>>> userid
>>> X is the same as the remote userid X? NFS has a root-squashing concept
>>> that results in numerous shall we say "interesting" issues.
>>
>> Vstorage doesn't have users concept. Authentication is made by a
>> password per node just once.
>> If authentication passes, a key is stored in
>> /etc/vstorage/clusters/CLUSTER_NAME/auth_digest.key
>> Then, permissions are set to a mount point during mounting with -u
>> USER -g GROUP -m MODE options
>> provided to vstorage-mount command.
>>
>>> Check out the virFileOpen*, virDirCreate, and virFileRemove...
>>>
>>> Also what about viFileIsShareFSType? And security_selinux.c code for
>>> NFS? If you use cscope, just search on NFS.
>>>
>>> In the virStorageBackendVzStart, I see:
>>>
>>> VSTORAGE_MOUNT -c $pool.source.name $pool.target.path
>>
>> This call certainly lacks user/group/mode parameters and should be
>> fixed in the next series.
> Do you mean fix the default behavior for non-root users?
>
>
>>
>>>
>>> where VSTORAGE_MOUNT is a build (configure.ac) definition that is the
>>> "Location or name of vstorage-mount program" which would only be set if
>>> the proper package was installed.
>>>
>>> In the virStorageBackendVzfindPoolSources, I see:
>>>
>>> VSTORAGE discover
>>>
>>> which I assume generates some list of remote "services" (for lack of a
>>> better term) which can be used as/for pool.source.name in order to be
>>> well mounted by the VSTORAGE_MOUNT program.
>>>
>>> Compare that to NFS, which uses mount which is included in well every
>>> distro I can think of. That's a big difference. Also let's face it, NFS
>>> has been the essential de facto goto tool to access remote storage
>>> for a
>>> long time. Personally, I'd rather see the NFS code split out of the
>>> *_fs.c backend, but I don't have the desire/time to do it - so it stays
>>> as is.
>>
>> To sum this up, you still think that copy and paste isn't a problem
>> here and will create more value than do any harm, right?
>>
>> Maxim
>>
>> [snip]
>
>
>
--
Best regards,
Olga
More information about the libvir-list
mailing list