[node-devel] CIM plugin for oVirt Node

Eduardo Lima (Etrunko) eblima at linux.vnet.ibm.com
Tue Jan 31 13:07:47 UTC 2012 

On 01/30/2012 11:45 AM, Daniel Veillard wrote:
>   Hi everybody,
> 
> I guess the best is to ask Chip Vincent about those oVirt Node
> integration issues. CIM is not always trivial to setup in a normal
> RHEL environment, and I'm afraid nobody tried it on a read-only
> root/stateless environment. Chip I think the expertise from some
> of your libvirt-cim team is needed there, I guess the best is to provide
> an image to someone knowledgeable in the set-u and have him check
> the issues. Maybe Eduardo ro you can have a look ?
> 

Hi there,

Copied to this email is Leonardo Garcia, which is works on a project
with similar requirements as described. I am sure he and the team have
already been through may of these problems described. In a quick
conversation he explained me that pegasus requires some configuration
files to be persistent, and these are stored in a partition that is
mounted in boot time.

I have forwarded him the entire conversation so he give his thoughts
about it.

Best regards, Eduardo.

>   thanks !
> 
> Daniel
> 
> On Sun, Jan 29, 2012 at 10:39:03AM -0500, Perry Myers wrote:
>> One of the items on our backlog has been to include CIM server/providers
>> on oVirt Node.  Initially we'll do this statically and include things
>> like sblim, tog-pegasus, libvirt-cim as part of the core Node recipe.
> 
> P.S.: shouldn't only one of sblim/tog-pegasus be needed and not both ?
>       One server should be sufficient isn't it and the goal is still
>       to limit the size of images. Which one to pick may be the result
>       of which one is the easier to coerce to work in root RO mode,
>       or the smaller of the two ...
> 
>> Later, we can use the 'plugin' concept so that this functionality can be
>> added by those that need it, and for those that don't they can ignore.
>>
>> Some questions have come up around this point, and since the Node team
>> aren't CIM experts, we wanted to reach out to folks that have been using
>> it a little more heavily to make sure we're on the right track.
>>
>> Some of the technical things we've run into are:
>>
>> 1. Our initial attempt at getting tog-pegasus and friends running
>>    failed due to lots of issues with r/o root filesystem.  Might need
>>    help from folks more knowledgeable about CIM to halp resolve that.
>>
>>    Anthony, I think you might have some kickstart snippets that would
>>    be of use here, correct?
>>
>> 2. Once you've got the CIM server there (tog-pegasus) you need to have
>>    some way to enable/disable it, which right now isn't easy to do
>>    except via offline image manipulation (since you can't persist
>>    symlinks in stateless Linux).
>>
>> 3. When the CIM server is enabled, need to unblock the appropriate
>>    firewall port, which again is not trivial to do given the stateless
>>    nature of the Node via tools like lokkit.  (Perhaps firewalld will
>>    make this easier, but for now firewalld doesn't look mature enough
>>    to begin using in earnest)
>>
>> 4. How should CIM be secured and configured for authentication?  Do we
>>    need to provide some mechanism for deploying SSL client certs into
>>    the Node for tog-pegasus to use?  What about setting simple
>>    user/pass auth?
>>
>> 5. What sort of other configuration should be exposed for CIM
>>    providers?
>>
>> Geert/Anthony/DV, if you guys have thoughts on the above questions or
>> can point us at other people to loop into this thread, that would be
>> helpful.
>>
>> Thanks!
>>
>> Perry
> 


-- 
Eduardo de Barros Lima
Software Engineer, Open Virtualization
Linux Technology Center - IBM/Brazil
eblima at br.ibm.com

More information about the node-devel mailing list