On Fri, Dec 28, 2007 at 12:34:14AM -0800, Dave Leskovec wrote: > I'd like to extend libvirt to support Containers. As libvirt already > supports Xen, KVM, QEMU and OpenVZ, I think it would be valuable to be > able to utilize existing utilities to manage containers. When you say 'Containers' are you meaning that in the general sense of the word, or specifically referring to the container support that is being incrementally added to the upstream Linux ? > I've spent some time looking through the libvirt api and how this > Container support will fit. Based on the XML format section of the > libvirt website and some list discussions I put together the following > proposed XML format: > > <domain type='linuxcontainer'> > <name>Container123</name> > <uuid>8dfd44b31e76d8d335150a2d98211ea0</uuid> > <container> > <filesystem> > <mount>/etc = /home/user/lxc_files/etc</mount> > <mount>/var = /home/user/lxc_files/var</mount> > </filesystem> You have structured data in the CDATA section there which is bad practice. A couple of possible alternatives ... <mount node="/etc/">/home/user/lxc_files/etc</mount> Or <mount> <source dir="/home/usr/lxc_files/etc"/> <target dir="/etc"/> </mount> > <application>dbserver</application> Not sure what this is for - could you elaborate a little ? > <network hostname='browndog'> > <ip address="192.168.1.110" netmask="255.255.255.0"/> > <gateway address="192.168.1.1"/> > <nameserver>192.168.1.1</nameserver> For consistency with the <gateway> tag that would be better off as being <nameserver address="192.168.1.1"/> > </ip> > </network> > <cpushare>40</cpushare> > <memory>65536</memory> This can be in the top level - ie outside the '<container>' tag since the <memory> tag is already there for non-container based virtualization and there's no neeed to differ here. > </container> > <devices> > <console tty='/dev/pts/4' /> > </devices> > </domain> > > The clone() function is used with the CLONE_NEWPID and CLONE_NEWNS flags > to start a new process within it's own process name space. The only > processes visible to it will be itself and any processes that it > spawns. The process that clone creates will start out preparing the > container environment. This involves setting up any network interface, > setting up the file system by performing any requested mounts, mounting > /proc, setting up a tty device, populating /dev as necessary, and > performing any other necessary initializations. It will then start the > application(s) requested by the user. The executables started within > the container could be an application or script or possibly /sbin/init. Rather than trying to define a syntax for libvirt to start multiple apps within the container, I reckon just having libvirt call a single /sbin/init script would be best - that way admins can use whatever they like for startup inside the container, whether it be a simple shell script, SysV init, or something else entirely. > The mounts that the user specifies will need to be populated with the > appropriate contents for whatever applications they are going to run > within the container. cgroup will be used for isolation and association > with controllers for cpu and memory resources. > > I'm planning to start in on defining a container. All comments and > questions are welcome. Ok, it definitely sounds like you're talking specifically about the Linux based container impl now. Aside from the existing OpenVZ driver, there was also a proof of concept for the Linux-VServer based containers posted a short while back which may be a useful reference: https://www.redhat.com/archives/libvir-list/2007-October/msg00273.html I can see that all of the OpenVZ, VServer and Container concepts match up pretty nicely, so we ought to be able to get a good XML representation that works with all of them. One major area we've never successfully tackled yet, even for non-container based virtualization is the topic of resource controls / tuning info. I'd say that should be one of our priorities to sort out now we've got all the NUMA stuff integrated. Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=| -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list