Revision 39a77e8b doc/design-hotplug.rst
| b/doc/design-hotplug.rst | ||
|---|---|---|
| 7 | 7 |
This is a design document detailing the implementation of device |
| 8 | 8 |
hotplugging in Ganeti. The logic used is hypervisor agnostic but still |
| 9 | 9 |
the initial implementation will target the KVM hypervisor. The |
| 10 |
implementation adds ``python-fdsend`` as a new dependency. |
|
| 10 |
implementation adds ``python-fdsend`` as a new dependency. In case |
|
| 11 |
it is not installed hotplug will not be possible and the user will |
|
| 12 |
be notified with a warning. |
|
| 11 | 13 |
|
| 12 | 14 |
|
| 13 | 15 |
Current state and shortcomings |
| ... | ... | |
| 70 | 72 |
Which should be each device ID? Currently KVM does not support arbitrary |
| 71 | 73 |
IDs for devices; supported are only names starting with a letter, max 32 |
| 72 | 74 |
chars length, and only including '.' '_' '-' special chars. |
| 73 |
We use the device pci slot and name it after <device type>-pci-<slot>
|
|
| 74 |
(for debugging purposes we could add a part of uuid as well).
|
|
| 75 |
For debugging purposes and in order to be more informative, device will be
|
|
| 76 |
named after: <device type>-<part of uuid>-pci-<slot>.
|
|
| 75 | 77 |
|
| 76 | 78 |
Who decides where to hotplug each device? As long as this is a |
| 77 | 79 |
hypervisor specific matter, there is no point for the master node to |
| ... | ... | |
| 215 | 217 |
gnt-instance modify --disk add:size=1G --hotplug test |
| 216 | 218 |
gnt-instance modify --net 1:remove --hotplug test |
| 217 | 219 |
|
| 220 |
Dealing chroot and uid pool |
|
| 221 |
--------------------------- |
|
| 222 |
|
|
| 223 |
The design so far covers all issues that arise without addressing the |
|
| 224 |
case where the kvm process will not run with root privileges. |
|
| 225 |
Specifically: |
|
| 226 |
|
|
| 227 |
- in case of chroot the kvm process will not be able to see the newly |
|
| 228 |
created device |
|
| 229 |
|
|
| 230 |
- in case of uid pool security model kvm process will not be allowed to |
|
| 231 |
access the device. |
|
| 232 |
|
|
| 233 |
In NIC hotplug we address this problem by using ``getfd`` monitor |
|
| 234 |
command and passing the file descriptor over monitor socket using |
|
| 235 |
SCM_RIGHTS. In case of uid pool we can simple let hypervisor code |
|
| 236 |
change the rights of the device before the actual hotplug. Still this is |
|
| 237 |
insufficient in case of chroot. KVM 1.3 has introduced add-fd monitor |
|
| 238 |
command that can be eventually used and will allow disk hotplug in every |
|
| 239 |
case. But until then we could just allow disk hotplug only if no chroot |
|
| 240 |
and no security model is used for the instance. |
|
| 241 |
|
|
| 218 | 242 |
.. vim: set textwidth=72 : |
| 219 | 243 |
.. Local Variables: |
| 220 | 244 |
.. mode: rst |
Also available in: Unified diff