libvirt: A virtualization API
    libvirt: A virtualization API (Presentation Transcript)

    • libvirt: A virtualization API
      Marco Guazzone
      Distributed Computing Systems Group (DCS), Department of Computer Science, University of Piemonte Orientale
      marco.guazzone@mfn.unipmn.it
      September 8, 2008
      Marco Guazzone (DCS) libvirt: A virtualization API September 8, 2008 1 / 45
    • Outline
      1. Hypervisor APIs
         • Hypercall API
         • Management API
      2. libvirt
         • libvirt: Overview
         • libvirt: Virtualization Support
      3. Examples
         • QEMU
         • Xen
         • Remote Management
      4. Conclusions
      5. References
    • Hypervisor APIs
      Two types of APIs:
      1. Hypercall API: used by guests for para-virtualization.
      2. Management API: used by management tools. In Xen, also known as the Xen API.
      Important: in the following, we will focus our attention on the Xen hypervisor.
    • Hypervisor APIs: the Xen system
      [Figure: the Xen system. From [6].]
    • Hypervisor APIs: Hypercall API
      APIs that let a guest perform privileged instructions.
      The hypervisor (not the kernel) has interrupt handlers installed.
      When the application (in the guest) invokes a system call:
      1. an interrupt is raised (trap)
      2. and is caught by the hypervisor,
      3. which then passes the control back to the guest OS, through an asynchronous event notification mechanism.
      [Figure from [6].]
    • Hypervisor APIs: Hypercall API
      Example: what a Xen C hypercall might look like:
          hypercall_ret = xen_op(operation, arg1, arg2, arg3, arg4);
      Example: the resulting assembly-like routine:
          _xen_op:
              mov eax, 4(esp)
              mov ebx, 8(esp)
              mov ecx, 12(esp)
              mov edx, 16(esp)
              mov esi, 20(esp)
              int 0x82
              ret
    • Hypervisor APIs: Hypercall API
      • Hardware Virtual Machine (HVM), also known as hardware assisted virtualization, has recently emerged.
      • Intel’s VT and AMD’s AMD-V extensions are the major hardware support technologies for virtualization.
      • With HVM the use of additional protection rings becomes less critical.
      • A guest in an HVM environment can use the accelerated transitions to ring 0 for system calls (accelerated system calls), because it has not been moved from ring 0 to ring 1 (as happens instead with para-virtualization).
      Is this the best solution?
    • Hypervisor APIs: Hypercall API
      No! Hybrid virtualization seems to behave better.
      • Since with HVM the guest OS is not modified to support para-virtualization, it does not know that it is running in a virtual environment and so it cannot take advantage of any of the virtualization features.
      • The result is that HVM might be slower than para-virtualization.
      Hybrid virtualization tries to take the best of both worlds:
      • From HVM: makes use of accelerated system calls and exploits other hardware assisted facilities, like nested page tables (NPTs) [3]. With Nested Paging, a page table in the hardware takes care of the translation between the guest address of a virtual machine and the physical address, reducing the overhead.
      • From para-virtualization: use of lightweight ad-hoc interfaces rather than relying on emulated hardware (e.g., for I/O).
    • Hypervisor APIs: (Xen) Management API
      APIs used by user-space applications for management and VM life-cycle tasks. In Xen:
      • The Xen API, the core API, is an XML-RPC based API.
      • xend listens for XML-RPC connections.
      • Everything that can be done with the xm tool is possible with the Xen API.
      • On top of the Xen API there are several bindings.
      • Each binding API sends an XML-RPC request over the socket where an instance of xend is listening.
      • xend handles the request itself or dispatches it to the kernel’s hypervisor interface and then on to the hypervisor itself.
      • Third party tools and libraries are built on these bindings. libvirt is one of these libraries.
    • Hypervisor APIs: (Xen) Management API
      Currently supported binding languages:
      • libxen, C binding.
      • pyxen, Python binding.
      • XenSdk.net, C# binding (in Citrix XenServer 4.1).
      • Xen-CIM, a CIM provider for the DMTF virtualization schema.
        The Common Information Model (CIM) [9] is a family of open standards, defined and published by the Distributed Management Task Force (DMTF), that defines how managed elements in an IT environment are represented as a common set of objects and relationships between them. This is intended to allow consistent management of these managed elements, independent of their manufacturer or provider.
        • It is a modeling language, rather than a programming language.
        • It provides a uniform, generic and standard interface for accessing management facilities.
        • VMware provides a CIM layer too [16].
      • Java binding: probably no longer supported.
    • libvirt: What is it?
      The libvirt toolkit provides a higher-level VM management interface for tools and applications, that is:
      • A set of command line utilities for interacting with the virtualization capabilities of the OS.
      • A consistent set of APIs in C with the aim of providing support across different virtualization tools.
      • A CIM provider for the DMTF virtualization schema.
      • A project sponsored by Red Hat’s Emerging Technology group [13].
    • libvirt: Goal
      • To provide all the operations needed to manage guests or domains running on a single physical node.
      • To supply a stable interface that isolates upper-level software from changes in the underlying virtualization layer.
      • Each virtualization layer would implement the libvirt interface on which the upper layer tools rely.
    • libvirt: Features
      • Virtualization support.
      • Management of virtual machines, virtual networks and storage.
      • Remote management.
      The libvirt library does not provide high-level multi-node management features such as load balancing.
    • libvirt: Components
      • libvirt: the core C API layer.
      • virsh: a command line C program which provides a shell environment and a management user interface. Can be used to create, pause, list, migrate and shutdown domains.
      • libvirtd: a C daemon for managing guest instances and libvirt virtual networks.
      [Figure: libvirt layer diagram. Labels: Application layer, libvirt tools layer, libvirtd, virsh, API bindings, libvirt API layer, Hypervisor layer, other hypervisor drivers, libxen, CIM, XML.]
    • libvirt: Virtualization support
      Terminology:
      • node: a single physical machine.
      • hypervisor: a layer of software that virtualizes a node into a set of virtual machines, possibly with configurations different from that of the node itself.
      • domain: an instance of an operating system running on a virtualized machine provided by the hypervisor.
    • libvirt: Connections
      Interaction with a virtualization technology is based on connections. A URI specifies which driver a connection refers to:
          driver[+transport]://[username@][hostname][:port]/[path][?extraparameters]
      • driver: the virtualization technology to interact with.
      • transport: the transport layer to use for connecting to the driver.
      • username: the credentials to use for connecting to the driver.
      • hostname: the (possibly remote) host where the virtualization technology resides.
      • port: the port where the virtualization technology listens for connections.
      • path: a driver dependent path (e.g. the path to a Unix domain socket).
      • extraparameters: additional optional parameters.
      NULL and empty string URIs mean “connect to the best available local hypervisor”. Actually, it tries to connect to Xen.
    • libvirt: Drivers
      The virtualization technology to interact with:
      • ldom: the Sun LDoms virtualization technology [15]. Directly provided by Sun, starting from version 1.0.2 [14].
      • lxc: the LXC [1] Linux container system.
      • openvz: the OpenVZ [2] Linux container system.
      • qemu: the QEMU [5] emulator (also for the KVM [12] and Xenner [10] hypervisors).
      • remote: a dummy driver for accessing “remote” hypervisors.
      • storage: storage on IDE/SCSI/USB disks, FibreChannel, LVM, iSCSI, NFS and filesystems.
      • test: a dummy driver for testing purposes.
      • xen: the Xen [7] hypervisor on Linux and Solaris hosts.
      • Others undocumented/experimental/planned: uml (User Mode Linux), vserver (Linux V-Server, [11]), vmware (VMware), hyperv (Microsoft Hyper-V, [8]). Mostly found in libvirt-0.4.4/src/domain_conf.[hc].
    • libvirt: Transports
      The protocol used for connecting to the virtualization technology:
      • ext: use an external program which can make a connection to the remote machine by means outside the scope of libvirt.
      • ssh: use an SSH connection (needs netcat and libvirtd on the remote machine). libvirt constructs an SSH command which looks like:
            command -p port [-l username] hostname netcat -U socket
        • port, username, hostname can be specified as part of the remote URI.
        • command, netcat and socket come from extra parameters (or sensible defaults).
      • tcp: use the TCP/IP transport protocol.
      • tls: use a TLS connection (needs client and server certificates).
      • unix: use a UNIX socket.
    • libvirt: Extra Parameters
      An optional list of parameters following the syntax of RFC-2396.
      Name      | Transports | Meaning
      name      | *          | Explicitly force the name of the hypervisor. Example: ...&name=qemu:///system
      command   | ssh, ext   | The external command. Example: ...&command=/opt/openssh/bin/ssh
      socket    | unix, ssh  | The path to the Unix domain socket (overrides the default). Example: ...&socket=/opt/libvirt/run/libvirt/libvirt-sock
      netcat    | ssh        | The name of the netcat command on the remote machine (default is nc). Example: ...&netcat=/opt/netcat/bin/nc
      no_verify | tls        | If set to a non-zero value, this disables client checks of the server’s certificate. Example: ...&no_verify=1
      no_tty    | ssh        | If set to a non-zero value, this stops ssh from asking for a password if it cannot log in to the remote machine automatically (e.g. using ssh-agent etc.). Example: ...&no_tty=1
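The URI grammar and the extra-parameter table from the slides above, as an added Python example (not part of the original slides and not libvirt's own code): it splits a connection URI into the slide's fields and reports settings a reviewer would want to look at. The function names, the sample URIs and the wording of the findings are constructed for illustration; that the tcp transport is a plain socket without TLS is an assumption not stated on the slides.

```python
from urllib.parse import urlsplit, parse_qsl

# Extra parameter -> transports it applies to, copied from the slide's table
# ("*" means any transport).
PARAM_TRANSPORTS = {
    "name": {"*"},
    "command": {"ssh", "ext"},
    "socket": {"unix", "ssh"},
    "netcat": {"ssh"},
    "no_verify": {"tls"},
    "no_tty": {"ssh"},
}


def parse_libvirt_uri(uri):
    """Split driver[+transport]://[username@][hostname][:port]/[path][?extraparameters]."""
    parts = urlsplit(uri)
    driver, _, transport = parts.scheme.partition("+")
    return {
        "driver": driver,
        "transport": transport or None,   # None: no explicit transport in the URI
        "username": parts.username,
        "hostname": parts.hostname,
        "port": parts.port,
        "path": parts.path,
        "params": dict(parse_qsl(parts.query, keep_blank_values=True)),
    }


def audit_libvirt_uri(uri):
    """Return (parsed_fields, findings) for one connection URI."""
    parsed = parse_libvirt_uri(uri)
    transport, params = parsed["transport"], parsed["params"]
    findings = []
    if transport == "tcp":
        # Assumption (not on the slides): tcp is a plain socket with no TLS.
        findings.append("tcp transport: plain TCP socket, no TLS")
    # Conservative reading of "non-zero": anything other than empty or "0".
    if params.get("no_verify", "0").strip() not in ("", "0"):
        findings.append("no_verify set: server certificate is not checked")
    if "command" in params:
        findings.append("command: URI selects the local program to run: "
                        + params["command"])
    if "netcat" in params:
        findings.append("netcat: URI selects the program run on the remote host: "
                        + params["netcat"])
    for name in sorted(params):
        allowed = PARAM_TRANSPORTS.get(name)
        if allowed is None:
            findings.append("parameter not in the slide's table: " + name)
        elif transport and "*" not in allowed and transport not in allowed:
            findings.append("%s does not apply to the %s transport" % (name, transport))
    return parsed, findings


if __name__ == "__main__":
    # Constructed sample URIs; the first is the one used in the SSH example slide.
    for sample in (
        "xen+ssh://root@remote-host/",
        "qemu+tls://remote-host/system?no_verify=1",
        "qemu+tcp://remote-host:16509/system",
        "xen+ssh://root@remote-host/?command=/opt/openssh/bin/ssh&no_verify=1",
    ):
        fields, notes = audit_libvirt_uri(sample)
        print(sample, fields["driver"], fields["transport"], notes or "no findings")
```

Because the command and netcat parameters name programs that get executed, a connection URI taken from a configuration file or another user deserves the same review as a command line.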
    • libvirt: Domain Configuration
      A virtualized element (i.e. a domain, a storage or a network) is defined through a configuration XML file, containing, among other things:
      • The type of the hypervisor used for running the domain.
      • The symbolic name of the domain.
      • The type of boot-loader:
        • The bios boot-loader, available in full virtualization, which uses the BIOS boot order priority (e.g., floppy, hard-disk, cdrom, network) for finding and booting the boot image.
        • The host boot-loader, available in para-virtualization, where the host is responsible for kicking off the operating system boot.
        • The direct kernel boot-loader, available in full/para-virtualization, which boots directly from a kernel stored in the host OS.
      • The boot device.
      • The maximum resource usage for CPUs and memory.
      • The devices provided to the guest domain. These include: disks (HD, floppy, CD-ROM), USB, NIC, input devices, graphical frame-buffers (e.g. for VNC), console/serial/parallel devices.
    • libvirt: Local Domain Management
      [Figure: local domain management. Labels: Application layer, libvirt API layer, Hypervisor layer, xen:///, xen driver, xend, xenstored, Xen hypervisor, qemu:///, QEMU driver, qemu.]
    • libvirt: Remote Domain Management
      [Figure: remote domain management. Labels: local host, remote host, Application layer, libvirt API layer (on both hosts), remote driver, Hypervisor layer, xen:///, xen driver, xend, xenstored, Xen hypervisor, qemu:///, QEMU driver, qemu.]
    • libvirt: Bindings
      Available binding languages:
      • libvirt-python: the official Python binding.
      • Sys::Virt: a Perl binding.
      • ocaml-libvirt: the official OCaml binding.
      • ruby-libvirt: the official Ruby binding.
      • libvirt-java: the official Java binding (WIP).
    • Examples: QEMU
      In order to use QEMU through libvirt it is necessary:
      1. To install QEMU and libvirt (and their dependencies). For QEMU it is highly recommended to also install the KVM+QEMU (KQEMU) kernel module.
      2. To run the proper system daemons. On RedHat-like systems:
             $ /etc/init.d/kqemu start
             $ /etc/init.d/qemu start
             $ /etc/init.d/libvirtd start
      3. To be able to gain root privileges.
    • Examples: QEMU capabilities I
      Printing the QEMU capabilities.
      1. Gain root privileges.
      2. With the virsh command:
             $ virsh -r -c "qemu:///session" capabilities
      3. With the Python APIs:
         1. Start the Python interpreter.
                $ python
         2. Import the libvirt module.
                >>> import libvirt
         3. Open a (read-only) connection to the QEMU hypervisor.
                >>> con = libvirt.openReadOnly("qemu:///system")
         4. Print capabilities to standard output.
                >>> print(con.getCapabilities())
      4. An XML output should appear:
    • Examples: QEMU capabilities II
          <capabilities>
            <host>
              <cpu>
                <arch>x86_64</arch>
              </cpu>
            </host>
            <guest>
              <os_type>hvm</os_type>
              <arch name='i686'>
                <wordsize>32</wordsize>
                <emulator>/usr/bin/qemu</emulator>
                <machine>pc</machine>
                <machine>isapc</machine>
                <domain type='qemu'>
                </domain>
              </arch>
              <features>
    • Examples: QEMU capabilities III
                <pae/>
                <nonpae/>
                <acpi default='on' toggle='yes'/>
                <apic default='on' toggle='no'/>
              </features>
            </guest>
            <guest>
              <os_type>hvm</os_type>
              <arch name='x86_64'>
                <wordsize>64</wordsize>
                <emulator>/usr/bin/qemu-system-x86_64</emulator>
                <machine>pc</machine>
                <machine>isapc</machine>
                <domain type='qemu'>
                </domain>
                <domain type='kqemu'>
                </domain>
    • Examples: QEMU capabilities IV
              </arch>
              <features>
                <acpi default='on' toggle='yes'/>
                <apic default='on' toggle='no'/>
              </features>
            </guest>
            ...
          </capabilities>
    • Examples: QEMU domain list
      Printing the list of the installed QEMU domains.
      1. Gain root privileges.
      2. With the virsh command:
             $ virsh -r -c "qemu:///session" list --all
         --all includes inactive domains.
      3. With the Python APIs:
         1. Start the Python interpreter.
                $ python
         2. Import the libvirt module.
                >>> import libvirt
         3. Open a (read-only) connection to the QEMU hypervisor.
                >>> con = libvirt.openReadOnly("qemu:///system")
         4. Print the defined domains to standard output.
                >>> print(con.listDefinedDomains())
      4. A list of id, name, execution status triples should appear as output.
    • Examples: DSL on QEMU I
      Running Damn Small Linux (DSL) [4] inside QEMU.
      1. Download a DSL iso image.
             $ GET http://.../current/current.iso > dsl.iso
      2. Create a QEMU image file (100MB should suffice).
             $ qemu-img create -f qcow2 dsl.qcow2 100MB
      3. Create the XML configuration file dsl-kqemu.xml describing the DSL image.
             <?xml version="1.0"?>
             <domain type='kqemu'>
               <name>KQEmu-DSL-i686</name>
               <uuid>c7a5fdbd-cdaf-9455-926a-d65c16db1809</uuid>
               <memory>65536</memory>
               <currentMemory>32768</currentMemory>
               <vcpu>1</vcpu>
               <os>
                 <type arch='i686' machine='pc'>hvm</type>
    • Examples: DSL on QEMU II
                 <boot dev='cdrom'/>
               </os>
               <devices>
                 <emulator>/usr/bin/qemu-system-x86_64</emulator>
                 <disk type='file' device='cdrom'>
                   <source file='/path/to/vm/iso/dsl.iso'/>
                   <target dev='hdc'/>
                   <readonly/>
                 </disk>
                 <disk type='file' device='disk'>
                   <source file='/path/to/vm/images/dsl.qcow2'/>
                   <target dev='hda'/>
                 </disk>
                 <interface type='network'>
                   <source network='default'/>
                 </interface>
                 <graphics type='vnc' port='-1'/>
    • Examples: DSL on QEMU III
               </devices>
             </domain>
         To generate a UUID it is possible to use the uuidgen command.
         Without libvirt, the QEMU command would be:
             $ qemu-system-x86_64 -M pc -m 64 -smp 1 -name KQEmu-DSL-i686 -cdrom dsl.iso -hda dsl.qcow2 -boot d
      4. Run DSL on QEMU.
             $ virsh -c qemu:///system create dsl-kqemu.xml
      5. Now it is possible to manage the newly created VM. For instance, open a VNC session:
             $ virsh -c qemu:///system vncdisplay KQEmu-DSL-i686
             $ vncviewer 127.0.0.1:0
      6. Shutdown DSL on QEMU.
             $ virsh -c qemu:///system destroy KQEmu-DSL-i686
         Note: it seems the shutdown command doesn’t work!
    • Examples: Xen
      The syntax is very similar to the one used for QEMU:
      • List of Xen capabilities:
            $ virsh -r -c "xen:///" capabilities
      • List of local domains:
            $ virsh -r -c "xen:///" list --all
      • ...
      What changes is the content of the XML configuration file and the URI.
    • Example: Remote Management with SSH
      1. Create your local public key pair.
             $ ssh-keygen -t rsa
      2. Copy the public key to a remote host.
             $ ssh-copy-id -i ~/.ssh/id_rsa.pub root@remote-host
      3. Start the libvirt daemon.
             $ ssh root@remote-host
             $ /etc/init.d/libvirtd start
      4. Issue a command to the libvirt daemon.
             $ virsh -r -c xen+ssh://root@remote-host/ list --all
      The first three steps are to be done only once.
    • Conclusions: Pros & Cons
      Strong points:
      • Abstraction: supports different hypervisors.
      • Isolation: isolates from hypervisor API changes.
      • Portability: Linux, Windows and Mac OS-X clients.
      • Security: TLS + x509, Kerberos, SSH, PolicyKit.
      • Active community.
      • It is the core of several Red Hat virtualization software products.
    • Conclusions: Pros & Cons
      Weak points:
      • Abstraction: might lose some hypervisor features.
      • Lack of documentation. No tutorials. APIs poorly documented. ⇒ You have to learn by example (see the libvirt sources and Red Hat virt-manager).
      • For remote management, the libvirtd daemon must be running (with root privileges) on every remote host that needs to be managed. Moreover, the libvirtd daemon is needed by QEMU because it has to do lots of privileged jobs, such as starting QEMU with permission to use /dev/kvm, accessing disks and logical volumes in /dev, creating TAP devices, creating bridge devices, and much more.
    • Conclusions: libvirt Companions
      Red Hat’s Emerging Technology group includes other interesting projects:
      • virt-manager: graphical desktop-based virtual machine management.
      • python-virtinst: guest installation manager.
      • virt-viewer: secure guest console access.
      • virt-install: virtual machine provisioner.
      • virt-clone: virtual machine image cloner.
      • virt-image: virtual machine image creator (from XML files or interactively).
      • oVirt: Web-based virtual machine management.
      All of them rely on libvirt.
    • Conclusions
      Questions?
    • Conclusions
      Thank you!
    • References
      [1] The Linux Containers (LXC). http://lxc.sourceforge.net/.
      [2] The OpenVZ Linux Containers. http://wiki.openvz.org/.
      [3] AMD. AMD-V™ Nested Paging. Technical report, Advanced Micro Devices (AMD), Inc., July 2008.
      [4] John Andrews. Damn Small Linux (DSL). http://www.damnsmalllinux.org.
      [5] Fabrice Bellard. The QEMU processor emulator. http://bellard.org/qemu/.
      [6] David Chisnall. The Definitive Guide to the Xen Hypervisor. Prentice Hall, 2007.
      [7] Citrix Systems, Inc. The Xen hypervisor. http://www.xen.org/.
      [8] Microsoft Corporation. Microsoft Hyper-V. http://www.microsoft.com/windowsserver2008/en/us/virtualization-consolidation.aspx?pf=true.
      [9] Distributed Management Task Force (DMTF), Inc. Common Information Model (CIM). http://www.dmtf.org/standards/cim/.
      [10] Gerd Hoffmann. Xenner: Xen emulator for KVM. http://kraxel.fedorapeople.org/xenner/.
      [11] Herbert Pötzl. Linux v-server. http://linux-vserver.org/Welcome_to_Linux-VServer.org.
      [12] Qumranet, Inc. The Kernel based Virtual Machine (KVM). http://kvm.qumranet.com/.
      [13] Red Hat, Inc. The Red Hat’s Emerging Technology group. http://www.dmtf.org/standards/cim/.
      [14] Sun Microsystems, Inc. Libvirt for LDoms 1.0.1 administration guide. http://docs.sun.com/app/docs/doc/820-3838-10.
      [15] Sun Microsystems, Inc. Logical domains (LDoms). http://www.sun.com/servers/coolthreads/ldoms/.
      [16] VMware, Inc. VMware CIM APIs. http://www.vmware.com/support/developer/cim-sdk/.
    • Extras: Nested Paging
      • Introduced by AMD [3].
      • Virtual Machines (VMs) don’t have native direct access to the host server memory.
      • As a result, a hypervisor ends up virtualizing a “read only” layer of memory between physical memory and the page tables in the guest OS, which is known as shadow paging.
      • Shadow pages require CPU and memory, adding extra performance overhead.
      • With Nested Paging, a page table in the hardware takes care of the translation between the guest address of a VM and the physical address, reducing the overhead.
    • Extras: CIM vs. libvirt
      CIM and libvirt both provide a hypervisor-agnostic abstraction layer for writing tools. Nevertheless, there are a few major differences:
      • CIM is an abstract model, with representations built on XML, and usable in a language-agnostic way. libvirt is quite closely tied to C.
      • CIM is a standard defined by a working group representing multiple vendors. libvirt began life as a wrapper around xm and has grown to a more general interface. It is still quite closely tied to the Xen way of doing things, however.
      • CIM is a large specification, and the virtualization parts are only a small fraction of the whole. libvirt is designed exclusively for managing virtualization.
      • CIM makes it easy and flexible to add support for managing virtualization to a CIM-aware management tool. libvirt is extensible “only” through the bindings it provides (though the set of supported languages is pretty large).