Documentation Virtualization Beat

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
(first draft)
(47 intermediate revisions by 10 users not shown)
Line 1: Line 1:
 
{{header|docs}}
 
{{header|docs}}
{{Docs_beat_open}}
+
{{Docs_beat_closed}}
 +
==Libvirt Client Access Control==
  
== Virtualization ==
+
The '''libvirt''' client allows for the setting of permission rules which can be applied to all managed objects and API operations, thus allowing for all client connections to be limited to a minimal set of rules and privileges.  
=== Amazon Elastic Computing Cloud ===
+
There are three levels of access which can be assigned:
<!-- do we need to note trademark somehow? -->
+
Fedora 14 and later versions will now be available for users of the Amazon Elastic Computing Cloud service.
+
  
For more information, refer to:  
+
* Unauthenticated - used for all connections, this state allows all API operations that are required to complete authentication. Following a successful authentication, two more levels can be assigned:
* http://fedoraproject.org/wiki/Features/EC2
+
** Unrestricted - full access to all API operations
* http://aws.amazon.com/ec2/
+
** Restricted - read only access
  
=== Spice Framework for Desktop Virtualization===
+
System administrators can set permission rules for authenticated connections. Every API call in '''libvirt''' has a set of permissions that are validated against the object that is being used. For example, User A wants to change a parameter in the '''domain''' object. When the user tries to save the change, '''virDomainSetSchedulerParametersFlags''' method will check whether the client has write permissions on the '''domain''' object. Additional checks and permission settings can be processed as well. Filtering can also be done to see which clients have permissions on which objects to allow for smother administration of permissions.
The Simple Protocol for Independent Computing Environments (SPICE) is used for client-server communication and enhances interaction with virtual machine guests. Spice adds a QXL display device to QEMU and provides drivers for this device for both X and Windows.  
+
The '''libvirtd.conf''' configuration file is responsible for setting the access permissions. It uses the ''access_drivers'' parameter to enable this operation. Note that if more than one access driver is requested, all must succeed in order for permission to be granted.
 +
More information can be found here:
  
The Spice framework for desktop virtualization
+
* https://fedoraproject.org/wiki/Changes/Virt_ACLs
aims to provide a complete open source solution for interaction with virtualized desktops.
+
* http://libvirt.org/acl.html
  
For more information, refer to:  
+
==Virt-manager Snapshots==
* http://fedoraproject.org/wiki/Features/Spice
+
Virtual Machine Manager ('''virt-manager''') allows for easy management and monitoring of KVM guest virtual machine snapshots. Note that '''virt-manager''' will pause the guest virtual machine for a few seconds while taking the snapshot.
 +
More information is available here:
 +
* https://fedoraproject.org/wiki/Changes/Virt_Manager_Snapshots
 +
* http://fedoraproject.org/wiki/Features/Virt_Live_Snapshots
 +
* http://libvirt.org/formatsnapshot.html
 +
* Snapshot section here: http://linux.die.net/man/1/virsh
 +
* https://fedoraproject.org/wiki/QA:Testcase_Virt_Snapshot_UI
  
=== Xen to KVM Migration ===
+
==ARM emulation on x86 Host Physical Machines==  
virt-v2v is a command line tool that enables Xen domUs (ie. guests) to be migrated to use KVM.  
+
Changes have been made to have smoother emulation of ARM guest virtual machines running on x86 hosts using standard '''libvirt''' tools, including '''virsh''', '''virt-manager''' and '''virt-install'''.
Users with Xen guests can try out KVM. Users can also migrate from Xen to KVM for its enhanced ease of use.
+
'''qemu''' has an ARM emulator that works well and is actively used in the  Fedora ARM effort. However '''libvirt''' and '''virt-manager''' currently have  issues launching '''qemu-system-arm''' VMs, mostly by encoding x86 assumptions  in the generated command line that cause '''qemu-system-arm''' to fail to start. Changes have been made to fix this issue.
 +
More information can be found here: https://fedoraproject.org/wiki/Changes/Virt_ARM_on_x86
  
For more information, refer to:  
+
==Ryu Software Defined Networking==
* http://fedoraproject.org/wiki/Features/Xen_to_KVM_migration
+
Fedora 20 features Ryu, software that enables effective, software defined networking for OpenStack virtualization. As a building block of an OpenFlow controller, Ryu provides a Layer 2 isolated network for Openstack. For more information, read:
  
=== Other Improvements ===
+
* http://osrg.github.com/ryu/
==== Virtualization Technology Preview Repo ====
+
* https://github.com/osrg/ryu/wiki
The Virtualization Preview Repository exists for people who would like to test the very latest virtualization related packages. This repo is intended primarily as an aid to testing and early experimentation. It is not intended for 'production' deployment.  
+
* http://osrg.github.com/ryu/doc/index.html
  
For further details refer to:
 
* http://fedoraproject.org/wiki/Virtualization_Preview_Repository
 
  
=== Xen Kernel Support ===
 
The <code>kernel</code> package in Fedora 14 supports booting as a guest domU, but will not function as a dom0 until such support is provided upstream.
 
 
The most recent Fedora release with dom0 support is Fedora 8.
 
 
Booting a Xen domU guest within a Fedora 14 host requires the KVM based <code>xenner</code>. Xenner runs the guest kernel and a small Xen emulator together as a KVM guest.
 
 
{{Admon/important | KVM requires hardware virtualization features in the host system.| Systems lacking hardware virtualization do not support Xen guests at this time. }}
 
 
 
For further details refer to:
 
* http://sourceforge.net/projects/kvm
 
* http://kraxel.fedorapeople.org/xenner/
 
* http://fedoraproject.org/wiki/Features/XenPvops
 
* http://fedoraproject.org/wiki/Features/XenPvopsDom0
 
 
<noinclude>[[Category:Release Notes]]<noinclude>
 
  
 
[[Category:Docs Project]]
 
[[Category:Docs Project]]
 
[[Category:Draft documentation]]
 
[[Category:Draft documentation]]
 
[[Category:Documentation beats]]
 
[[Category:Documentation beats]]

Revision as of 18:55, 20 October 2013

DocsProject Header docTeam1.png
Warning (medium size).png
Beat Closed on Wiki
Work on beats has now moved to git. If you have changes or additions, please contact the docs team via #fedora-docs, docs@lists.fp.o, or with the fedora-release-notes BZ component.

Contents

Libvirt Client Access Control

The libvirt client allows for the setting of permission rules which can be applied to all managed objects and API operations, thus allowing for all client connections to be limited to a minimal set of rules and privileges. There are three levels of access which can be assigned:

  • Unauthenticated - used for all connections, this state allows all API operations that are required to complete authentication. Following a successful authentication, two more levels can be assigned:
    • Unrestricted - full access to all API operations
    • Restricted - read only access

System administrators can set permission rules for authenticated connections. Every API call in libvirt has a set of permissions that are validated against the object that is being used. For example, User A wants to change a parameter in the domain object. When the user tries to save the change, virDomainSetSchedulerParametersFlags method will check whether the client has write permissions on the domain object. Additional checks and permission settings can be processed as well. Filtering can also be done to see which clients have permissions on which objects to allow for smother administration of permissions. The libvirtd.conf configuration file is responsible for setting the access permissions. It uses the access_drivers parameter to enable this operation. Note that if more than one access driver is requested, all must succeed in order for permission to be granted. More information can be found here:

Virt-manager Snapshots

Virtual Machine Manager (virt-manager) allows for easy management and monitoring of KVM guest virtual machine snapshots. Note that virt-manager will pause the guest virtual machine for a few seconds while taking the snapshot. More information is available here:

ARM emulation on x86 Host Physical Machines

Changes have been made to have smoother emulation of ARM guest virtual machines running on x86 hosts using standard libvirt tools, including virsh, virt-manager and virt-install. qemu has an ARM emulator that works well and is actively used in the Fedora ARM effort. However libvirt and virt-manager currently have issues launching qemu-system-arm VMs, mostly by encoding x86 assumptions in the generated command line that cause qemu-system-arm to fail to start. Changes have been made to fix this issue. More information can be found here: https://fedoraproject.org/wiki/Changes/Virt_ARM_on_x86

Ryu Software Defined Networking

Fedora 20 features Ryu, software that enables effective, software defined networking for OpenStack virtualization. As a building block of an OpenFlow controller, Ryu provides a Layer 2 isolated network for Openstack. For more information, read: