Open Stack

On Apr 5, 2012, at 10:06 AM, Yun Mao wrote:

> Right now, if you use KVM via libvirt (the default case), on the
> compute node, nova-compute runs on the host. If you use Xen via
> xenapi, nova-compute runs on Dom-U. (I'll ignore Xen via libvirt since
> no one really uses it.)
> 
> What's the fundamental design decision to make the distinction?
> Presumably, it is not *that* hard to run nova-compute in a KVM VM,
> since the libvirt control socket works on tcp. I can see updating
> iptables rules would be painful but shouldn't we have the same problem
> with Xen? Conversely, it's also not impossible to run nova-compute in
> Dom-0. I understand running something in a VM is more secure in some
> sense than running in Dom0. But shouldn't the same argument apply to
> KVM's case as well?

Running compute on the host for KVM is the simpler solution, there is less to manage.    
We run compute on a DomU on XenServer because on XenServer the Dom0 is basically an appliance VM itself, and it has issues like an ancient version of python (2.4), and the Dom0 being resource restricted.   
We *could* change that, but the point of XenServer is that it's basically an appliance, and is easier to manage/upgrade, etc if left as-is.  
Also, using a utility VM for compute lets you do things like upgrading compute by just deploying a new VM image (and as mentioned above, it isolates the Dom0 from compute. If nova-compute runs away and eats all of the ram/disk/cpu, it won't take down the host.) 

Now, this is relevant to current versions of XenServer.  Future versions, or XCP, may be a whole nother ball o' wax. 



> Your input is appreciated. Thanks,
> 
> Yun
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

--
	Monsyne M. Dragon
	OpenStack/Nova 
	cell 210-441-0965
	work x 5014190