Revision 39a77e8b doc/design-hotplug.rst
b/doc/design-hotplug.rst | ||
---|---|---|
7 | 7 |
This is a design document detailing the implementation of device |
8 | 8 |
hotplugging in Ganeti. The logic used is hypervisor agnostic but still |
9 | 9 |
the initial implementation will target the KVM hypervisor. The |
10 |
implementation adds ``python-fdsend`` as a new dependency. |
|
10 |
implementation adds ``python-fdsend`` as a new dependency. In case |
|
11 |
it is not installed hotplug will not be possible and the user will |
|
12 |
be notified with a warning. |
|
11 | 13 |
|
12 | 14 |
|
13 | 15 |
Current state and shortcomings |
... | ... | |
70 | 72 |
Which should be each device ID? Currently KVM does not support arbitrary |
71 | 73 |
IDs for devices; supported are only names starting with a letter, max 32 |
72 | 74 |
chars length, and only including '.' '_' '-' special chars. |
73 |
We use the device pci slot and name it after <device type>-pci-<slot>
|
|
74 |
(for debugging purposes we could add a part of uuid as well).
|
|
75 |
For debugging purposes and in order to be more informative, device will be
|
|
76 |
named after: <device type>-<part of uuid>-pci-<slot>.
|
|
75 | 77 |
|
76 | 78 |
Who decides where to hotplug each device? As long as this is a |
77 | 79 |
hypervisor specific matter, there is no point for the master node to |
... | ... | |
215 | 217 |
gnt-instance modify --disk add:size=1G --hotplug test |
216 | 218 |
gnt-instance modify --net 1:remove --hotplug test |
217 | 219 |
|
220 |
Dealing chroot and uid pool |
|
221 |
--------------------------- |
|
222 |
|
|
223 |
The design so far covers all issues that arise without addressing the |
|
224 |
case where the kvm process will not run with root privileges. |
|
225 |
Specifically: |
|
226 |
|
|
227 |
- in case of chroot the kvm process will not be able to see the newly |
|
228 |
created device |
|
229 |
|
|
230 |
- in case of uid pool security model kvm process will not be allowed to |
|
231 |
access the device. |
|
232 |
|
|
233 |
In NIC hotplug we address this problem by using ``getfd`` monitor |
|
234 |
command and passing the file descriptor over monitor socket using |
|
235 |
SCM_RIGHTS. In case of uid pool we can simple let hypervisor code |
|
236 |
change the rights of the device before the actual hotplug. Still this is |
|
237 |
insufficient in case of chroot. KVM 1.3 has introduced add-fd monitor |
|
238 |
command that can be eventually used and will allow disk hotplug in every |
|
239 |
case. But until then we could just allow disk hotplug only if no chroot |
|
240 |
and no security model is used for the instance. |
|
241 |
|
|
218 | 242 |
.. vim: set textwidth=72 : |
219 | 243 |
.. Local Variables: |
220 | 244 |
.. mode: rst |
Also available in: Unified diff