[node-devel] CIM plugin for oVirt Node

Daniel Veillard veillard at redhat.com
Mon Jan 30 13:45:40 UTC 2012 

  Hi everybody,

I guess the best is to ask Chip Vincent about those oVirt Node
integration issues. CIM is not always trivial to setup in a normal
RHEL environment, and I'm afraid nobody tried it on a read-only
root/stateless environment. Chip I think the expertise from some
of your libvirt-cim team is needed there, I guess the best is to provide
an image to someone knowledgeable in the set-u and have him check
the issues. Maybe Eduardo ro you can have a look ?

  thanks !

Daniel

On Sun, Jan 29, 2012 at 10:39:03AM -0500, Perry Myers wrote:
> One of the items on our backlog has been to include CIM server/providers
> on oVirt Node.  Initially we'll do this statically and include things
> like sblim, tog-pegasus, libvirt-cim as part of the core Node recipe.

P.S.: shouldn't only one of sblim/tog-pegasus be needed and not both ?
      One server should be sufficient isn't it and the goal is still
      to limit the size of images. Which one to pick may be the result
      of which one is the easier to coerce to work in root RO mode,
      or the smaller of the two ...

> Later, we can use the 'plugin' concept so that this functionality can be
> added by those that need it, and for those that don't they can ignore.
> 
> Some questions have come up around this point, and since the Node team
> aren't CIM experts, we wanted to reach out to folks that have been using
> it a little more heavily to make sure we're on the right track.
> 
> Some of the technical things we've run into are:
> 
> 1. Our initial attempt at getting tog-pegasus and friends running
>    failed due to lots of issues with r/o root filesystem.  Might need
>    help from folks more knowledgeable about CIM to halp resolve that.
> 
>    Anthony, I think you might have some kickstart snippets that would
>    be of use here, correct?
> 
> 2. Once you've got the CIM server there (tog-pegasus) you need to have
>    some way to enable/disable it, which right now isn't easy to do
>    except via offline image manipulation (since you can't persist
>    symlinks in stateless Linux).
> 
> 3. When the CIM server is enabled, need to unblock the appropriate
>    firewall port, which again is not trivial to do given the stateless
>    nature of the Node via tools like lokkit.  (Perhaps firewalld will
>    make this easier, but for now firewalld doesn't look mature enough
>    to begin using in earnest)
> 
> 4. How should CIM be secured and configured for authentication?  Do we
>    need to provide some mechanism for deploying SSL client certs into
>    the Node for tog-pegasus to use?  What about setting simple
>    user/pass auth?
> 
> 5. What sort of other configuration should be exposed for CIM
>    providers?
> 
> Geert/Anthony/DV, if you guys have thoughts on the above questions or
> can point us at other people to loop into this thread, that would be
> helpful.
> 
> Thanks!
> 
> Perry

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel at veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/

More information about the node-devel mailing list