[Openstack-operators] RFC: Increasing min libvirt to 1.0.6 for LXC driver ?

Daniel P. Berrange berrange at redhat.com
Fri Feb 13 12:04:19 UTC 2015


Historically Nova has had a bunch of code which mounted images on the
host OS using qemu-nbd before passing them to libvirt to setup the
LXC container. Since 1.0.6, libvirt is able todo this itself and it
would simplify the codepaths in Nova if we can rely on that

In general, without use of user namespaces, LXC can't really be
considered secure in OpenStack, and this already requires libvirt
version 1.1.1 and Nova Juno release.

As such I'd be surprised if anyone is running OpenStack with libvirt
& LXC in production on libvirt < 1.1.1 as it would be pretty insecure,
but stranger things have happened.

The general libvirt min requirement for LXC, QEMU and KVM currently
is 0.9.11. We're *not* proposing to change the QEMU/KVM min libvirt,
but feel it is worth increasing the LXC min libvirt to 1.0.6

So would anyone object if we increased min libvirt to 1.0.6 when
running the LXC driver ?

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



More information about the OpenStack-operators mailing list