[RFC] Support for running runv without 9pfs #626
Conversation
Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com>
harche
changed the title
| params = append(params, "-device", "virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x6") | ||
| params = append(params, "-drive", "file=/tmp/"+ctx.Id+"/rootfs.img,format=qcow2,if=none,id=drive-scsi0-1-0-0") | ||
| params = append(params, "-device", "scsi-hd,bus=scsi0.0,channel=0,scsi-id=1,lun=0,drive=drive-scsi0-1-0-0,id=scsi0-1-0-0") | ||
| params = append(params, "-device", "virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x2", "-device", "virtio-scsi-pci,id=scsi1,bus=pci.0,addr=0x3") |
There was a problem hiding this comment.
Disks should be inserted via special APIs()
the disk path should be specified in the container config.
This will result in doing disk hotplug.
(Avoiding disk hotplug is possible, but it requires some refactor to the code)
There was a problem hiding this comment.
By disk hotplug, are you suggesting that we could attach a disk to pod VM after it has started? If yes, could you help me point to that API?
Also, the main motivation behind this PR is to make 9pfs optional. The way the code is structured right now makes all pod VMs to have 9pfs.
There was a problem hiding this comment.
yes. This is the way how hyperd/hyperctl/hyper.sh work on the images/volumes. We have the APIs ready, only except that runv-cli hasn't call these APIs so far, which can be changed. hyperd/hyperctl/hyper.sh doesn't necessary depend on 9pfs either, we are glad to make it allow to be configured out.
To hotplug add the rootfs image, you can just put the image info into RootVolume
of the ContainerDescription.
https://github.com/hyperhq/runv/blob/master/api/descriptions.pb.go#L99
The code for setting RootVolume might be here:
https://github.com/hyperhq/runv/blob/master/cli/container.go#L76-L77
There was a problem hiding this comment.
@harche here when we create container, we created it with a spec here by protobuf, in which defined a rootVolume with VolumeDescription:
message VolumeDescription {
string name = 1;
string source = 2;
string format = 3; //"raw" (or "qcow2" later) for volume, "vfs" for dir path
string fstype = 4; //"xfs", "ext4" etc. for block dev, or "dir" for dir path
VolumeOption options = 8;
bool dockerVolume = 9;
bool readOnly = 10;
}
For block devices, you could specify Source as the path of device, Format as raw, and Fstype as xfs or ext4 or any other fs in case the guest kernel supports it.
There was a problem hiding this comment.
I am trying to implement the suggested approach above, but I am getting following error, https://pastebin.com/raw/UsfXNfdS
The change I made was, https://pastebin.com/raw/KLMxdJ63
|
any update on the PR? @harche |
|
Working on it. I was focusing on hyperhq/hyperstart#345. Now that one is merged, I will spend some time on this one. |
|
@harche I'm struggling to find out a proper user interface for the block device support, do you have any suggestion? Command line option like |
|
@laijs How would this work seamlessly with docker or k8s (with CRI-O)? IMHO, the disk creation should be part of runv (maybe using some config file to determine if VM should use 9pfs or not). If you make Our aim is to remove the 9pfs dependency from the entire docker workflow. So as I mentioned earlier, ideally whether to use 9pfs or use a root disk is the decision You can always have an option |
|
@laijs it could be added during the build time, like the changes in this PR. |
Hi,
We love
runvfor the level of isolation it offers for the critical workloads. Being able to use the docker workflow and combining it with qemu for increased isolation is just brilliant!As you already know,
runvdepends on9pfilesystem for passing the container rootfs to the virtual machine. This works great, well for most of the time. But reluctance showed by distributions to officially support it makes it difficult to get this through enterprise customers and hence effectively their critical workloads whichrunvaims to provide higher isolation. Some of the valid concerns raised for using 9p can be found here, https://access.redhat.com/discussions/1119043.So as a quick workaround we started thinking of ways to eliminate the use of 9p. Turns out, it's really not that simple to get rid of 9p if you want to pass a folder to the VM. But what if you bundle this rootfs folder into a qcow2 image and attach it to VM? Sure it will add to the bootup time of the VM because now you have to create a new qcow2 image of the rootfs (this can be optimized by caching the qcow2 images).
This PR has changes that add build time support for making
runvwork without depending on9p. The regular flow ofrunvwith 9p is not altered and it continues to function the way it is right now. But if you configure it with--without-9pand compile it, resultingrunvbinary will not use9p. Overall the modified build instructions will look like,In order to generate qcow2 image, the added dependency here is libguestfs-tools. On ubuntu just do,
apt-get install libguestfs-tools.Of course if you want don't want to use 9p, it will require changes in
hyperstarttoo. Right after creating this PR I will raise a PR inhyperstartproject to support working without 9p. If you want to userunvwith 9p, as is the case right now, the existinghyperstartwill work just fine with thisrunvpatch. The way it's implemented is,runvsends a json tohyperstartcontaining a keysharedDir. This is not required in case you aren't using 9p, so we set it to an empty string. This let'shyperstartknow that instead of mounting 9p filesystem, mount the SCSI device that has the rootfs.Corresponding hyperstart PR, hyperhq/hyperstart#344
Signed-off-by: Harshal Patil harshal.patil@in.ibm.com