[Ovirt-devel] Ovirt Host Tasks
Perry N. Myers
pmyers at redhat.com
Mon Mar 17 19:13:20 UTC 2008
Ian Main wrote:
> I think some thought needs to be given to being able to add to, or
> change the base os to allow debugging and other tools to be present in
> the image as well. This can probably just be done with kickstart &
> white/black changes.
That's what I was envisioning as well.
> [snip]
>
>>>> g. Construct a method for taking an image and adding site
>>>> specific configuration information to it (IP addresses of Ovirt
>>>> Mgmt Server and FreeIPA Server). This is only necessary to
>>>> support hosts that require static IP configuration -and- do not
>>>> have persistent storage to store configuration information. (If
>>>> we decide to support static IP config we could make presence of
>>>> persistent storage a requirement...)
>>>>
>>>> The goal is to get disk footprint down to something like 32, 64
>>>> or 128MB. The base images we build will not be hardware platform
>>>> specific, so 32MB might be a long shot. But after step e) above,
>>>> we should fit into 32MB.
>>> 64MB is probably a worthy immediate goal to aim for given that the
>>> current live image is about 85 MB & we know there's stuff that can
>>> be killed.
>
> I wonder if we should create an API for persistent storage? Given that
> it sounds like we'll have to support multiple options. We'll have the
> ovirt DB storage, no storage, flash storage, maybe vsata etc. All with
> its own setup and the operational difference between the DB and some
> kind of disk.
Since we're eliminating static IP addressing, and assuming dhcp fields or
DNS aliases for critical hosts there no longer is a need for persistent
storage except for storing the Kerberos keytab or SSL Cert.
Basically when the host boots it needs to find its key. This could be:
1. Check for TPM and check for key in TPM NVRAM at predefined index
2. If no key in TPM, check local storage for a partition labeled OVIRT and
get key from well known location there
That should be it. So I don't think any need for an API to encapsulate that.
>> Agreed.
>>
>>> Again, unless we have compelling hardware use case that requires 32
>>> MB, I'd not bother aiming for the 32MB mark in the short-medium
>>> term. There's other more broadly useful stuff we can do....
>> Agreed.
>
> I agree as well. For intitial devel purposes I'd just as soon see us
> develop the debug/tools image first, and then widdle it down from there
> as a second step. This will give us the debug image right away which I
> think could be useful.
I think in parallel is better. We start with a reasonably trimmed down
kickstart/filelist and then create a debug kickstart/filelist that
inherits all of the base OS files but overrides to add add'l packages/files.
>>>> OEM Pre-Install (will always have flash/disk storage) DHCP
>>>> Addressing Flash/Disk Storage/TPM Auth credentials can be stored
>>>> in a file or in TPM Static Addressing Flash/Disk Storage/TPM Auth
>>>> credentials/IP config/Server IPs can be stored in a file If TPM
>>>> is present, can be used to store auth info IT Install (may not
>>>> have flash or disk) DHCP Addressing Flash/Disk Storage/TPM Auth
>>>> credentials can be stored in a file or in TPM No Persistent
>>>> Storage (CD or PXE Boot) Auth can be stored in host image
>>>> (separate image for each host) (NOTE: Not secure for PXE boot.
>>>> Recommend that we only allow CD boot in this case) Static
>>>> Addressing Flash/Disk Storage/TPM Auth credentials/IP
>>>> config/Server IPs can be stored in a file If TPM is present, can
>>>> be used to store auth info No Persistent Storage (CD or PXE Boot)
>>>> Auth/IP config/Server IPs can be stored in host image (separate
>>>> image for each host) (NOTE: Not secure for PXE boot as above)
>>> The 2 PXE boot methods can be secure given a deployment scenario
>>> where the network admin has a dedicated PXE management LAN for
>>> their hosts. So PXE traffic would be separated from general guest /
>>> user traffic. Its probably not viable to mandate separate
>>> 'management network' but we should document it as a deployment
>>> scenario.
>
> My only thought here is.. how do we implement all these options with a
> single boot image? Somehow we'd have to identify up front if
> persistent storage is available and then allow other options to become
> available for configuration (static ip etc). I also think applications
> should be given access to persistent storage if available.
applications? There are no applications :) This is just the embedded
hypervisor. There will be services for Ovirt, but these will be written
to not need persistent storage, and we can assume a connected environment
(i.e. we're not trying to solve the problem of mobile disconnected
datacenters<g>)
> One interesting thing would be to use a union filesystem with the os
> image mounted read only and a writeable fs underneath (maybe only where
> appropriate.. eg /etc) that would be stored on persistent storage.
> This lets you modify the image at runtime, have your changes saved
> while not changing the original image.. just a thought, not sure if
> it'd be useful.
I don't think this is necessary given that we're only using persistent
storage to store a single item.
Perry
More information about the ovirt-devel
mailing list