Daniel P. Berrange wrote:
On Fri, Apr 24, 2009 at 12:00:13PM -0400, Bill Davidsen wrote:
> Daniel P. Berrange wrote:
>
>> There are two classes of libvirt driver connection
>>
>> - Privileged, per-host connections
>> - Unprivileged, per-user connections
>>
>>
>> Xen provides a per-host connection. UserModeLinux and QEMU provide
>> both (qemu:///system and qemu:///session). VirtualBox just proivides
>> a per-user instance (vbox:///session) and so on.
>>
>> Now by default in Fedora, when connecting to QEMU, virt-manager will
>> use the privileged per-host connection, so VMs end up in the system
>> directory /var/lib/libvirt/images.
>>
>> Our goal (perhaps for F12) should be for local desktop virt use
>> cases to use the unprivileged QEMU connection qemu://session
>> by default, and have VM disk images stored in your home directory
>>
>>
> I'm not sure that home directory is where people would want images, I
> suspect that an arbitrary location would be far more flexible. Using KVM
> without a VMM, I can put images in someplace obvious, like
> $HOME/virtual/Images (with install ISO images in ~/virtual/ISO) so my
> virtual machines are not co-mingled with other things. My system stuff
> is in /mnt/virtual/Images and people use it by using qemu-img to make a
> local qcow2 images for their personal machines (including test config,
> obviously).
>
I hinted earlier, but there are 2 core use cases too
- Local desktop virtualization. eg developers / Vmware workstation use case
- Server virtualization
Thes respectively map onto the 2 types of libvirt connection I talk about
above
- Unprivileged, per-user connections
- Privileged, per-host connections
Now, when I then talk about directories, we're only talking about
the 'default' out of the box config, which respectively will be
something like
- $HOME/VirtualImages
- /var/lib/libvirt/images
Libvirt (and virt-manager) has extensive storage management APIs now,
and can easily deal with alternative locations for storing images.
So if these default ones aren't suitable, then it'll be perectly
fine to tell virt-manager all images should live in /mnt/virtual/Images
instead.
No, those look like fine default choices, and as you note below labeling
can now be automated to solve problems like this before they happen. I'm
sadly aware of labeling problems, since I run a fair number of off-label
programs I have to setup myself.
Sounds as if the problem is addresses, thanks.
> Questions:
> - did I make clear why some flexibility is desirable?
>
We've nothing against flexibility - we're really just considering the
default out of the box config.
> - is there any technical reason not to make this an arbitrary path?
>
Historically SELinux has wanted images in particular locations. With
the introduction of SVirt in libvirt, we have much more advanced
SELinux integration and will in fact automatically re-label images
to match the needs of a VM. So allowing arbitary locations *and*
still being in compliance with SELinux policy is now practical
Daniel
--
bill davidsen <davidsen(a)tmr.com>
CTO TMR Associates, Inc
"You are disgraced professional losers. And by the way, give us our money
back."
- Representative Earl Pomeroy, Democrat of North Dakota
on the A.I.G. executives who were paid bonuses after a federal bailout.