cloudstack-dev mailing list archives

From Ivan Kudryavtsev <kudryavtsev...@bw-sw.com>
Subject KVM CloudStack Agent Hacking proposal
Date Mon, 22 Oct 2018 18:02:58 GMT
Hello, Devs.

I would like to introduce a feature and decided to consult with you about
its design before implementation. The feature is connected with the KVM
CloudStack agent. We have found it beneficial to be able to launch custom
scripts upon VM start/stop. It can be done using a Qemu hook, but it has
several drawbacks:
- the hook is deployed by CS, and adding additional lines into it leads to
extra effort when the ACS package is updated.
- it leads to deadlocks, as you cannot effectively and easily communicate
with libvirt from the hook even with "fork & exec", because security_groups.py
and the agent also participate, and as a result it causes deadlocks.

Now, in the code, we have a call for "security_groups.py":

Start:
https://github.com/apache/cloudstack/blob/65f31f1a9fbc1c20cd752d80a7e1117efc0248a5/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStartCommandWrapper.java#L103

Stop:
https://github.com/apache/cloudstack/blob/65f31f1a9fbc1c20cd752d80a7e1117efc0248a5/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStopCommandWrapper.java#L88

I would like to introduce a more generic approach, so the administrator
can specify additional scripts in agent.properties, which will be
called the same way "security_groups.py" is called.

custom.vm.start=/path/to/script1,path/to.script2
custom.vm.stop=/path/to/script3,path/to.script4

So, this feature will help users to do custom hotplug mechanisms. E.g. we
have such an implementation, which adds a per-account VXLAN as a hotplug ethernet
device. So, even for a Basic Zone, every VM gets an automatic second NIC, which
helps to build a private network for an account.

Currently, we do the job through adding lines into security_groups.py, which
is not a good approach, especially for end users who don't want to hack the
system.

Also, I'm thinking about changing /etc/libvirt/hooks/qemu the same way, so
that it is just an entry point to scripts located in /etc/libvirt/hooks/qemu.d/*.

Let me know about this feature proposal, and if its design is good, we will start
developing it.

Have a good day.

-- 
With best regards, Ivan Kudryavtsev
Bitworks LLC
Cell RU: +7-923-414-1515
Cell USA: +1-201-257-1512
WWW: http://bitworks.software/ <http://bw-sw.com/>
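
Added example, not part of the original message and not CloudStack code: every script listed under the proposed `custom.vm.start` / `custom.vm.stop` keys would run with the agent's own privileges, so this Python example parses those keys and checks each path before it would be executed. The function names, the root-ownership policy (`trusted_uid=0`) and the particular checks are assumptions for illustration.

```python
import os
import stat

KEYS = ("custom.vm.start", "custom.vm.stop")  # property names from the proposal

# Constructed sample: the two lines from the message as agent.properties content.
SAMPLE = """\
custom.vm.start=/path/to/script1,path/to.script2
custom.vm.stop=/path/to/script3,path/to.script4
"""

def parse_hooks(properties_text):
    """Return {key: [script paths]} for the proposed keys."""
    hooks = {key: [] for key in KEYS}
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in hooks:
            hooks[key] = [p.strip() for p in value.split(",") if p.strip()]
    return hooks

def check_script(path, trusted_uid=0):
    """Return reasons to refuse running `path`; an empty list means it passed."""
    if not os.path.isabs(path):
        return ["relative path, resolved against the agent's working directory"]
    try:
        st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
    except OSError as exc:
        return [f"cannot stat: {exc.strerror}"]
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink"]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != trusted_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {trusted_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group- or world-writable")
    if not st.st_mode & stat.S_IXUSR:
        problems.append("not executable by owner")
    return problems

def audit(properties_text, trusted_uid=0):
    """Map each configured script to its list of problems, per hook key."""
    return {key: {p: check_script(p, trusted_uid) for p in paths}
            for key, paths in parse_hooks(properties_text).items()}

if __name__ == "__main__":
    for key, results in audit(SAMPLE).items():
        for path, problems in results.items():
            print(key, path, "OK" if not problems else "; ".join(problems))
```

The second entry on each sample line has no leading slash, so it is reported as a relative path rather than being looked up on disk.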
