[Openstack-operators] [openstack-dev] [nova] Can we bump MIN_LIBVIRT_VERSION to 1.2.2 in Liberty?
John Garbutt
john at johngarbutt.com
Fri May 15 16:30:44 UTC 2015
On 15 May 2015 at 12:28, Daniel P. Berrange <berrange at redhat.com> wrote:
> One other thing I should have mentioned is that we don't actually have
> one single minimum libvirt version. We actually have a couple of different
> minimum versions based on either the architecture or the hypervisor.
>
> For example, the Parallels hypervisor support was set to 1.2.12 and
> the S/390 support was /supposed/ to have been set to 1.0.4, but I see
> the devs failed to actally submit that change so I'll be doing that
> shortly.
>
> I think there is a credible argument that we increase the min required
> libvirt for LXC, because it requires a pretty new libvirt and kernel
> to provide any sensible level of security (ie user namespaces). We're
> rather negligent at the moment to let users deploy LXC with older
> versions as it is trivial for tenants to escape isolation.
>
> So the current MIN_LIBVIRT_VERSION is really talking about x86 + KVM
> combination.
>
> We do a really bad job of making this clear anywhere in our docs for
> Nova AFAIK. Likewise we don't make any distinction in our docs about
> the version we have tested with, vs the versions we are capable of
> running with. This is all critical info to people deploying, so they
> have guidance as to how much testing of their specific platform they
> should do at deployment time.
+1
We need to address this as part of the "feature classification" stuff.
We should certainly document what we are testing for all these combinations.
As I mentioned before, the same goes for other drivers.
We should be clear we don't current test against older versions of
Glance/Cinder/Neutron, for example.
Thanks,
John
More information about the OpenStack-operators
mailing list