cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ivan Kudryavtsev <kudryavtsev...@bw-sw.com>
Subject Re: KVM CloudStack Agent Hacking proposal
Date Tue, 23 Oct 2018 13:59:10 GMT
Wido,

> How are you planning on getting things like the VM name and other
details to the scripts?

Agent passes it right now into SGs, so I'm thinking about the same way:
https://github.com/apache/cloudstack/blob/65f31f1a9fbc1c20cd752d80a7e1117efc0248a5/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStartCommandWrapper.java#L103

As about VM details, I think, the script can get them from libvirt if
necessary or from /var/run/libvirt/qemu it's up to the user how to get what
he/she needs. What I care about is about avoiding the deadlocks.

вт, 23 окт. 2018 г. в 2:46, Wido den Hollander <wido@widodh.nl>:

>
>
> On 10/22/18 8:02 PM, Ivan Kudryavtsev wrote:
> > Hello, Devs.
> >
> > I would like to introduce a feature and decided to consult with you about
> > its design before implementation. The feature is connected with KVM
> > CloudStack agent. We have found it beneficial to be able to launch custom
> > scripts upon VM start/stop. It can be done using Qemu hook but it has
> > several drawbacks:
> > - the hook is deployed by CS and adding additional lines into it leads to
> > extra efforts when ACS package is updated.
> > - it leads to deadlocks as you cannot effectively and easy to communicate
> > with libvirt from hook even with "fork & exec" because security_groups.py
> > and agent also participate and as a result it causes deadlocks.
> >
> > Now, in the code, we have a call for "security_groups.py":
> >
> > Start:
> >
> https://github.com/apache/cloudstack/blob/65f31f1a9fbc1c20cd752d80a7e1117efc0248a5/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStartCommandWrapper.java#L103
> >
> > Stop:
> >
> https://github.com/apache/cloudstack/blob/65f31f1a9fbc1c20cd752d80a7e1117efc0248a5/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStopCommandWrapper.java#L88
> >
> > I would like is to introduce a more generic approach, so the
> administrator
> > can specify additional scripts in the agent.properties, which will be
> > called the same way "security_groups.py" called.
> >
> > custom.vm.start=/path/to/script1,path/to.script2
> > custom.vm.stop=/path/to/script3,path/to.script4
> >
> > So, this feature will help users to do custom hotplug mechanisms. E.g. we
> > have such implementation which adds per-account VXLAN as a hotplug
> ethernet
> > device. So, even for a Basic Zone, every VM gets automatic second NIC
> which
> > helps to build a private network for an account.
> >
> > Currently, we do the job thru adding lines into security_groups.py, which
> > is not a good approach, especially for end users who don't want to hack
> the
> > system.
> >
> > Also, I'm thinking about changing /etc/libvirt/hooks/qemu the same way,
> so
> > it was just an entry point to  /etc/libvirt/hooks/qemu.d/* located
> scripts.
> >
> > Let me know about this feature proposal and if its design is good, we
> start
> > developing it.
> >
>
> Seems like a good thing! It adds flexibility to the VM.
>
> How are you planning on getting things like the VM name and other
> details to the scripts?
>
> Wido
>
> > Have a good day.
> >
>


-- 
With best regards, Ivan Kudryavtsev
Bitworks LLC
Cell RU: +7-923-414-1515
Cell USA: +1-201-257-1512
WWW: http://bitworks.software/ <http://bw-sw.com/>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message