Proposed F19 Feature: High Availability Container Resources

Daniel J Walsh dwalsh at redhat.com
Tue Feb 5 14:10:53 UTC 2013


On 02/01/2013 03:55 PM, David Vossel wrote:
> 
> 
> ----- Original Message -----
>> From: "Daniel J Walsh" <dwalsh at redhat.com>
>> To: "Development discussions related to Fedora" <devel at lists.fedoraproject.org>
>> Sent: Friday, February 1, 2013 10:09:27 AM
>> Subject: Re: Proposed F19 Feature: High Availability Container Resources
>> 
>> On 01/29/2013 03:17 PM, Glauber Costa wrote:
>>>>>> = Features/ High Availability Container Resources = 
>>>>>> https://fedoraproject.org/wiki/Features/High_Availability_Container_Resources
>>>>>>
>>>>>> Feature owner(s): David Vossel <dvossel at redhat.com>
>>>>>> 
>>>>>> The Container Resources feature allows the HA stack (Pacemaker + 
>>>>>> Corosync) residing on a host machine to extend management of 
>>>>>> resources into virtual guest instances (KVM/LXC).
>>>>> 
>>>>> Is this about LXC or libvirt-lxc? These two are entirely different 
>>>>> projects, sharing no code, which makes me wonder which project is 
>>>>> meant here?
>>>> 
>>>> Yep, I left that vague and should have used the term "linux 
>>>> containers" instead of LXC.  I'm going to update the page to reflect
>>>> this.
>>>> 
>>>> This feature architecturally doesn't care which project 
>>>> manages/initiates the container.  All we care about is that the
>>>> container has its own isolated network namespace that is reachable
>>>> from the host (or whatever node is remotely managing the resources
>>>> within the container).  I intentionally chose to use tcp/tls as the
>>>> first transport we will support to avoid locking this feature into
>>>> use with any specific virt technology.
>>>> 
>>>> With that said, I'm likely going to be focusing my test cases on 
>>>> libvirt-lxc just because it seems like it has better fedora support.
>>>> The LXC project appears to be moving all over the place.  Part of
>>>> the project is really to identify good use-cases for linux containers
>>>> in an HA environment.  The kvm use-case is fairly straightforward
>>>> and well understood though.  I'll update the page to list the linux 
>>>> container use-case as a possible risk.
>>> 
>>> Please also keep in mind that LXC usually refers to a specific 
>>> project, either the original "lxc" code or "libvirt-lxc". We have
>>> either Container Solutions in Fedora, like OpenVZ.
>>> 
>>> You may be able to reach a broader base by making your solution work
>>> on that too (and of course, I'd be more than happy to help to trim any 
>>> issues you may find)
>>> 
>>> -- E Mare, Libertas
>>> 
>> I would like to also understand how we can work together with 
>> virt-sandbox. (Secure Linux Containers)
> 
> Really interesting idea.
> 
> Integrating with virt-sandbox would allow the cluster to dynamically launch
> resources in a contained environment.
> 
> My understanding is that this contained environment would give users the
> ability to automatically set cpu and memory usage limits for a resource as
> well as isolate that resource's access to the rest of system.  Everywhere
> that resource gets launched in the cluster, it gets the exact same
> environment.
> 
> For the HA config we could do this in a really slick way.  We could just
> allow people to start defining environment details (number cpus, memory
> usage, network settings) in the resource definition.  Then when it's time
> to launch the resource, if we have certain environment details associated
> with the resource, we'll just launch the resource in a dynamically created
> guest sandbox environment instead of directly within the host.  This is
> really brilliant... Conceptually this is like we are creating a virtual
> machine image on the fly for a resource to start in that follows the
> resource wherever it goes in the cluster.
> 
> This would be fun to talk through sometime.  The remote LRMD daemon I'm
> working on would be the piece of the puzzle that allows the HA stack to
> reach into contained environment to start/stop/monitor the resource living
> in the container.
> 
> -- Vossel
> 
I think you would also want to talk to Dan Berrange and Vivek Goyal who are
designing some higher level concepts for resource controls.