[openstack-dev] [Nova]Why nova mounts FS for LXC container instead of libvirt?

Dmitry Guryanov dguryanov at parallels.com
Thu Jan 15 14:56:29 UTC 2015

On 01/12/2015 06:35 PM, Daniel P. Berrange wrote:
> On Mon, Jan 12, 2015 at 06:28:53PM +0300, Dmitry Guryanov wrote:
>> On 01/05/2015 02:30 PM, Daniel P. Berrange wrote:
>>> On Tue, Dec 30, 2014 at 05:18:19PM +0300, Dmitry Guryanov wrote:
>>>> Hello,
>>>> Libvirt can create loop or nbd device for LXC container and mount it by
>>>> itself, for instance, you can add something like this to xml config:
>>>> <filesystem type='file'>
>>>>    <driver type='loop' format='raw'/>
>>>>    <source file='/fedora-20-raw'/>
>>>>    <target dir='/'/>
>>>> </filesystem>
>>>> But nova mounts filesystem for container by itself. Is this because rhel-6
>>>> doesn't support filesystems with type='file' or there are some other reasons?
>>> The support for mounting using NBD in OpenStack pre-dated the support
>>> for doing this in Libvirt. In fact the reason I added this feature to
>>> libvirt was precisely because OpenStack was doing this.
>>> We haven't switched Nova over to use this new syntax yet though, because
>>> that would imply a change to the min required libvirt version for LXC.
>>> That said we should probably make such a change, because honestly no
>>> one should be using LXC without using user namespaces, otherwise their
>>> cloud is horribly insecure. This would imply making the min libvirt for
>>> LXC much much newer than it is today.
>> It's not very hard to replace mounting in nova with generating proper xml
>> config. Can we do it before kilo release? Are there any people, who use
>> openstack with LXC in production?
> Looking at libvirt history, it would mean we mandate 1.0.6 as the min
> libvirt for use with the LXC driver.
> Regards,
> Daniel

I've created RFC patches:


Dmitry Guryanov
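
Added example, not part of the original message and not Nova or libvirt code: a small Python audit of a libvirt LXC domain definition that reports whether an `<idmap>` (user namespace mapping) is present and how the root filesystem is supplied. The sample XML, the mapping values and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the thread): LXC guest whose root filesystem is
# mounted by libvirt from a raw image, and which has no <idmap> element.
SAMPLE_NO_USERNS = """
<domain type='lxc'>
  <name>demo</name>
  <os><type>exe</type><init>/sbin/init</init></os>
  <devices>
    <filesystem type='file'>
      <driver type='loop' format='raw'/>
      <source file='/fedora-20-raw'/>
      <target dir='/'/>
    </filesystem>
  </devices>
</domain>
"""
# Same guest with a constructed uid/gid mapping, i.e. a user namespace.
SAMPLE_USERNS = SAMPLE_NO_USERNS.replace(
    "<devices>",
    "<idmap><uid start='0' target='100000' count='65536'/>"
    "<gid start='0' target='100000' count='65536'/></idmap><devices>")


def userns_findings(xml_text):
    """Return user-namespace findings for one libvirt domain definition."""
    root = ET.fromstring(xml_text)  # input is a locally produced config
    if root.get("type") != "lxc":
        return []
    idmap = root.find("idmap")
    findings = []
    for kind in ("uid", "gid"):
        entries = [] if idmap is None else idmap.findall(kind)
        if not entries:
            findings.append(f"no {kind} mapping: no user namespace")
        elif any(e.get("start") == "0" and e.get("target") == "0" for e in entries):
            findings.append(f"container {kind} 0 maps to host {kind} 0")
    return findings


def root_fs_source(xml_text):
    """Return (filesystem type, driver type, source) for the '/' target."""
    for fs in ET.fromstring(xml_text).iterfind("devices/filesystem"):
        target = fs.find("target")
        if target is not None and target.get("dir") == "/":
            driver, src = fs.find("driver"), fs.find("source")
            return (fs.get("type"),
                    None if driver is None else driver.get("type"),
                    None if src is None else src.get("file") or src.get("dir"))
    return None
```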
