On Sat, Jun 12, 2021 at 08:00:15AM -0400, Neal Gompa wrote:
> At build-time, libguestfs copies the content of the kernel package
> along with binaries of various filesystem tools into itself to run a
> custom appliance for manipulating VMs. The Fedora-based libguestfs
> package can handle Btrfs even on RHEL because it relies on the
> binaries of the Fedora kernel and filesystem utilities instead of the
> RHEL ones. It will run QEMU and boot up *its* VM to manipulate VM
> stuff. That's even how guestfish works for mounting VM disks on the host.

So it's a bit more subtle than this. Normally libguestfs will build
the appliance at runtime, using files from the host. It is then run
using qemu + the latest kernel image found in /boot or /lib/modules
(so not necessarily the host kernel, but it might be). The process is
described here:

https://rwmj.wordpress.com/2014/03/08/supermin-version-5/

This has the advantage that you don't have to ship the appliance at
all (which is usually about ~300 MB, so quite a saving), and security
updates are handled automatically. Instead we ship only this in the
RPM:

  $ du -sh /usr/lib64/guestfs/supermin.d/
  2.3M /usr/lib64/guestfs/supermin.d/

However ... containers. There's all kinds of weirdness / brokenness
with containers (and especially when you combine them with Kubernetes)
which makes this harder to do:

 - usually limited or unpredictable space on /var/tmp so we have
   nowhere to build and cache the appliance (but shlepping around
   hundreds of megabytes of the same appliance in the container?
   totes fine! go figure ...)

 - "bazel" doesn't build an RPM database or run %post scripts, so it
   makes something that looks a bit like a container running Fedora,
   but is quite broken, in particular supermin can't work

 - missing/broken kernel packages

My colleague is currently building a container-based version of
libguestfs which does indeed work a lot more like Neal describes above.
There will be a pre-built appliance, updated every so often (hopefully
often enough that security issues won't be too much of a problem).
It'll get downloaded -- all hundreds of megabytes -- through the usual
container distribution channels.

This is actually why I was interested in the question originally since
I was wondering if there was duplicated effort going on.

I should stress this is only for containers. supermin will continue
to be used in regular Fedora.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html