[Openstack] where nova-compute runs: KVM vs Xen
Yun Mao
yunmao at gmail.com
Thu Apr 5 15:06:28 UTC 2012
Right now, if you use KVM via libvirt (the default case), on the
compute node, nova-compute runs on the host. If you use Xen via
xenapi, nova-compute runs on Dom-U. (I'll ignore Xen via libvirt since
no one really uses it.)
What's the fundamental design decision to make the distinction?
Presumably, it is not *that* hard to run nova-compute in a KVM VM,
since the libvirt control socket works on tcp. I can see updating
iptables rules would be painful but shouldn't we have the same problem
with Xen? Conversely, it's also not impossible to run nova-compute in
Dom-0. I understand running something in a VM is more secure in some
sense than running in Dom0. But shouldn't the same argument apply to
KVM's case as well?
Your input is appreciated. Thanks,
Yun
More information about the Openstack
mailing list