[openstack-dev] [Containers] Nova virt driver requirements

Dmitry Guryanov dguryanov at parallels.com
Thu Jul 10 13:36:59 UTC 2014 

On Monday 07 July 2014 16:11:21 Joe Gordon wrote:
> On Jul 3, 2014 11:43 AM, "Dmitry Guryanov" <dguryanov at parallels.com> wrote:
> > Hi, All!
> > 
> > As far as I know, there are some requirements, which virt driver must
> 
> meet to
> 
> > use Openstack 'label'. For example, it's not allowed to mount cinder
> 
> volumes
> 
> > inside host OS.
> 
> I am a little unclear on what your question is. If it is simply about the
> OpenStack label then:
> 
> 'OpenStack' is a trademark that is enforced by the OpenStack foundation.
> You should check with the foundation to get a formal answer on commercial
> trademark usage. (As an OpenStack developer, my personal view is having out
> of tree drivers is a bad idea, but that decision isn't up to me.)
> 
> If this is about contributing your driver to nova (great!), then this is
> the right forum to begin that discussion. We don't have a formal list of
> requirements for contributing new drivers to nova besides the need for CI
> testing. If you are interested in contributing a new nova driver, can you
> provide a brief overview along with your questions to get the discussion
> started.

OK, thanks!

Actually we are discussing, how to implement containers support in nova-
containers team.

I have a question about mounts - in OpenVZ project each container has its own 
filesystem in an image file. So to start a container we mount this filesystem 
in host OS (because all containers share the same linux kernel). Is it a 
security problem from the Openstack's developers vision?


I have this question, because libvirt's driver uses libguestfs to copy some 
files into guest filesystem instead of simple mount on host. Mounting with 
libguestfs is slower, then mount on host, so there should be strong reasons, 
why libvirt driver does it.


> 
> Also there is an existing efforts to add container support into nova and I
> hear they are making excellent progress; do you plan on collaborating with
> those folks?
> 
> > Are there any documents, describing all such things? How can I determine,
> 
> if
> 
> > my virtualization driver for nova (developed outside of nova mainline)
> 
> works
> 
> > correctly and meet nova's security requirements?
> > 
> > 
> > --
> > Dmitry Guryanov
> > 
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-- 
Dmitry Guryanov

More information about the OpenStack-dev mailing list