[node-devel] CIM plugin for oVirt Node

Charles_Rose at Dell.com Charles_Rose at Dell.com
Mon Jan 30 14:59:32 UTC 2012 


On Monday 30 January 2012 08:12 PM, Perry Myers wrote:
> On 01/30/2012 08:45 AM, Daniel Veillard wrote:
>>   Hi everybody,
>>
>> I guess the best is to ask Chip Vincent about those oVirt Node
>> integration issues. CIM is not always trivial to setup in a normal
>> RHEL environment, and I'm afraid nobody tried it on a read-only
>> root/stateless environment. Chip I think the expertise from some
>> of your libvirt-cim team is needed there, I guess the best is to provide
>> an image to someone knowledgeable in the set-u and have him check
>> the issues. Maybe Eduardo ro you can have a look ?
>>
>>   thanks !
>>
>> Daniel
>>
>> On Sun, Jan 29, 2012 at 10:39:03AM -0500, Perry Myers wrote:
>>> One of the items on our backlog has been to include CIM server/providers
>>> on oVirt Node.  Initially we'll do this statically and include things
>>> like sblim, tog-pegasus, libvirt-cim as part of the core Node recipe.
>>
>> P.S.: shouldn't only one of sblim/tog-pegasus be needed and not both ?
>>       One server should be sufficient isn't it and the goal is still
>>       to limit the size of images. Which one to pick may be the result
>>       of which one is the easier to coerce to work in root RO mode,
>>       or the smaller of the two ...
> 
> I asked Anthony about this, and he explained it to me...  sblim is both
> a collection of CIM providers as well as a server.  tog-pegasus is just
> the server.
> 
> So you can either use:
> sblim + tog-pegasus
> or
> sblim + sblim-sfcb
> 
> If you omit sfcb from the oVirt Node, then you can use tog-pegasus in
> its place.  It's also my understanding that sblim-sfcb and tog-pegasus
> are not fully interchangeable as there are some providers that will only
> work with one or the other.  So far, it seems like tog-pegasus is what
> folks want specifically, so that is what we have been focusing on.

We have had issues with sfcb and tog-pegasus conflicting in the past:
	https://bugzilla.redhat.com/show_bug.cgi?id=604578

sblim + sblim-sfcb is what we needed and tog-pegasus was installed as
part of the @base install.

Charles

> 
> Perry
> 
>>> Later, we can use the 'plugin' concept so that this functionality can be
>>> added by those that need it, and for those that don't they can ignore.
>>>
>>> Some questions have come up around this point, and since the Node team
>>> aren't CIM experts, we wanted to reach out to folks that have been using
>>> it a little more heavily to make sure we're on the right track.
>>>
>>> Some of the technical things we've run into are:
>>>
>>> 1. Our initial attempt at getting tog-pegasus and friends running
>>>    failed due to lots of issues with r/o root filesystem.  Might need
>>>    help from folks more knowledgeable about CIM to halp resolve that.
>>>
>>>    Anthony, I think you might have some kickstart snippets that would
>>>    be of use here, correct?
>>>
>>> 2. Once you've got the CIM server there (tog-pegasus) you need to have
>>>    some way to enable/disable it, which right now isn't easy to do
>>>    except via offline image manipulation (since you can't persist
>>>    symlinks in stateless Linux).
>>>
>>> 3. When the CIM server is enabled, need to unblock the appropriate
>>>    firewall port, which again is not trivial to do given the stateless
>>>    nature of the Node via tools like lokkit.  (Perhaps firewalld will
>>>    make this easier, but for now firewalld doesn't look mature enough
>>>    to begin using in earnest)
>>>
>>> 4. How should CIM be secured and configured for authentication?  Do we
>>>    need to provide some mechanism for deploying SSL client certs into
>>>    the Node for tog-pegasus to use?  What about setting simple
>>>    user/pass auth?
>>>
>>> 5. What sort of other configuration should be exposed for CIM
>>>    providers?
>>>
>>> Geert/Anthony/DV, if you guys have thoughts on the above questions or
>>> can point us at other people to loop into this thread, that would be
>>> helpful.
>>>
>>> Thanks!
>>>
>>> Perry
>>
> 
> _______________________________________________
> node-devel mailing list
> node-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/node-devel
>

More information about the node-devel mailing list