Look Into Libvirt (Osier Yang)
China OpenStack User Group
Status
● First release on Dec 19 2005
● 1.0.0 in two weeks. (Finally)
● 25 maintainers/committers.
● 200 ~ 300 patches per release
● Less than 300 APIs
Why libvirt?
● Long term API/ABI/XML backward compatibility
● Portable between various HVs
● Hides complex interfaces of HV
● Hides HV's API changes
● Available on Linux, Solaris, Windows & OS-X
● Secure access (TLS, SASL, SSH, PolicyKit)
● Open, LGPLv2+ license
What libvirt manages
● Domain
● Virtual network
● Host network interface
● Node device
● Storage pool/volume
● Network filter
● Secret
Supported hypervisors
● QEMU/KVM
● XEN: XenD, XenStored, XM, libxenlight
● VMware: ESX, GSX server, Workstation, Player
● Linux container: LXC, OpenVZ
● Test, Remote
● UML, VirtualBox, Hyper-V, Parallels, etc
Virtual network
● NAT (dnsmasq/radvd, iptables)
● Route
● Isolated
● Bridge (Open vSwitch, Macvtap)
● Host network interface passthrough (SR-IOV VFs pool)
Host network interface
● Based on netcf -> augeas
● Enumerate
● Management (ethernets, bonds, bridges, vlan interfaces)
● Transaction support – revert/commit config changes
● Report status (libnl, ioctl, sysfs)
Network filter
● iptables
● ebtables
● ip6tables
● E.g. allow-incoming-ipv4, no-ip-multicast
Storage
● pool, volume
● fs (dir, fs, netfs)
● scsi
● iscsi
● disk
● lvm
● mpath
● sheepdog, rbd
Node device
● Enumerate host devices
● Backends (udev, HAL)
● vHBA create/destroy
Secret
● Encrypt storage
● Can be used to encrypt a storage volume or domain disk
● Only supports qcow disks
Miscellaneous
● Hooks (Daemon, QEMU, LXC, Migration)
● Audit
● Security (SELinux/AppArmor, sVirt)
● Locking (libsanlock, POSIX fcntl)
● Zero-conf (Avahi)
● etc...
How to talk with QEMU
● Monitor (HMP, QMP)
● Guest agent monitor
● Serial/Parallel console
● Graphic console (VNC/SPICE)
● Network
Domain APIs (libvirt.h)
● Lifecycle (define/undefine, start/destroy, suspend/resume), list, lookup.
● Save, restore, core dump, suspend, resume
● Migration
● Snapshot (Internal/External, Disk-only/ System checkpoint/VM state)
● Guest resource management (memory, network, memory, cpu, NUMA tuning)
Domain APIs (libvirt.h)
● Host device passthrough
● Detach/reattach node devices
● Async events
● Node resource management (memory)
● APIs based on guest agent (E.g. S3/S4)
● Guest block/network I/O statistics
● ...more...
libvirt architecture
[Figure: architecture diagram. Labels: client, public API, remote, RPC, Node, libvirtd, libvirt-qemu, monitor, agent monitor, qemu-kvm, guest, guest agent; $URI, uri = "qemu://$hostname/system"]
The stack
[Figure: stack diagram. Labels as extracted, one layer per line:]
● public API
● KVM, XEN, ESX, LXC, UML, ...
● Network, Storage, Iface, nwfilter, Secret, Nodedev
● cgroup, devmap, netcf, iptables, ebtables, tc, libnl, lvm, selinux, sysfs, udev, HAL, iscsiadm, ioctl, libnuma, numad, sanlock, qemu-img
● libvirtd
● virsh, bindings, SNMP, AMQP, ...
Stuffs around
● Language bindings (Python, Perl, Ruby, Java, OCaml, C#, PHP)
● libvirt-snmp
● libvirt-qpid
● libvirt-cim
● libvirt-glib (libvirt-glib, libvirt-gconf, libvirt-gobject)
Stuffs around
● virt-manager, virt-viewer
● python-virtinst
● libosinfo
● libvirt-designer
● libvirt-sandbox
● GNOME Boxes
● Eucalyptus, OpenStack
● Plugins for collectd, munin, Nagios, Zenoss
libguestfs
● For accessing and modifying virtual machine (VM) disk images
● View and edit files inside guests
● Scripting changes to VM
● Monitoring disk used/free statistics
● P2V, V2V
● Performing partial backups
● Cloning VMs, etc..
How libguestfs works
[Figure: diagram. Labels: libguestfs, client, qemu, Appliance, guestfsd, Linux kernel, Device or Disk image]
virt-v2v
● Convert VMs on XEN/ESX to RH virt stack
● Support guests of RHEL, Fedora, Windows
● Based on libguestfs and libvirt
How virt-v2v works
● Shut down guest on source host
● Use libvirt to get domain XML config
● Copy storage
● Convert storage and modify XML
● Use libvirt to define and start the domain on dest host
The conversion - RHEL/FC
● Remove XEN/ESX specific stuff (e.g. xenpv kernel/drivers, VMware Tools)
● Install or update kernel, making a best effort to have it support virtio
● Update block and network drivers
Ongoing or TODO
● Snapshot improvements
● Storage driver improvements (glusterfs, job, inotify)
● LXC driver improvements
● Persistent vHBA
● Migration with NPIV
● Associate storage with domain
● Improve device hotplug
Ongoing or TODO
● Lifecycle events for all objects
● Role based access control on all public APIs
● Isolate QEMU process with Linux Container namespaces.
● APIs to expose host/hypervisor's capabilities
● Etc...