Re: [PATCH 0/7] Prepare for daemon split

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Apr 05, 2018 at 01:06:28PM -0400, Laine Stump wrote:
> On 03/28/2018 11:18 AM, Daniel P. Berrangé wrote:
> > When we split up the daemons, libvirtd will need to forward different
> > sets of APIs to different daemons. This means libvirtd is going to need
> > to have multiple virConnectPtr instances open.
> 
> Have you done any thinking about what will need to be added to the
> network driver API (or how)? I'd like to be involved with that.

I've not thought about it beyond hoping magic ponies will solve the
problems you describe below :)  So far I'm just working on the general
refactoring to let us (optionally) create the various daemons so there
is something concrete to explore the problems with.

> One part that troubles me is that there will no longer be a parent-child
> relationship between the process keeping track of network allocations
> and the qemu process - currently if a qemu process dies, libvirtd knows
> about it and can recover the resources that had been allocated, but with
> the network driver in a separate process, qemu could die and
> libvirtd-qemu might not be around to notify libvirtd-network (or
> whatever we end up calling the processes).

BTW, naming will be virt${DRIVER}d (eg virtqemud, virtnetworkd, etc) but
minor detail. Anyway, if QEMU dies, and virtqemud isn't running, then
when virtqemud starts up again it would notice that the QEMU went away
and do recovery, presumably telling other daemons to release resources
if needed.

> Likewise, there is the nwfilter driver's complicated callback setup to
> reload the iptables rules of all relevant domains when a filter's
> definition is changed. I haven't thought about the details, but I think
> that will need some "interesting" handling.

I was thinking the nwfilter automatic rebuild ought to be possible to
have entirely self-contained, because rebuilding shouldn't need help
from the QEMU driver - it just needs the TAP dev to exist.

> Also the network driver and nwfilter driver both use virfirewall.c,
> which has a mutex to prevent simultaneous updates; either we'll need to
> put that functionality into one of the drivers and have the other one
> call it via a public API, or we'll need to rely on iptables -w (but even
> that could lead to different results, since it's locking just during
> application of a single rule rather than a complete transaction (as
> defined by virfirewall.c).

Two possible options

 - Replace the mutex with a lock file + fcntl() locks, that both
   virnetworkd & virnwfilterd will use
 - Have virnetworkd actually call virnwfilterd to setup the rules
   it needs. I'm not sure if nwfilter can express the rules we
   need though.


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux