[Kimchi-devel] Kimchi feedback

Paul Clarke pc at us.ibm.com
Thu Jun 5 18:33:31 UTC 2014 


On 06/05/2014 03:36 AM, Zhou Zheng Sheng wrote:
>>> It seems difficult to make a new ISO available, or I chose a poor way.
>>> - I downloaded from an FTP site requiring non-anonymous authentication
>>> - I scp'd it to root at host
>>> - I tried to use it from there, but I got permission denied "KCHISO0008E: The
>>> hypervisor doesn't have permission to use this ISO /root/..."
>>>
>>> - the message above recommends copying the file to /var/lib/libvirt, but I
>>> think you actually have to copy it to /var/lib/libvirt/images
>>>
>>> - you also need to "chown qemu" the ISO image
>>>
>>> After the above steps, it finally became visible and usable.
>>
>> For current kimchi security model design,
>> root users on behalf of console administrator, they are responsible for
>>       1. host setup for virtualization infrastructure and console administration
>>       2. virtualization resources setup
>>
>> I think this process should be streamlined for better user experience.
>> I recommend to make "chown qemu" transparent with kimchi to handle it automatically.
>
> The user also has to add "x" for QEMU on each level of the directory
> that contains the ISO image. Though this can be done by Kimchi
> automatically, it's possible that the user accidentally revokes the "x"
> from the directory and change the owner of the ISO image. The problem
> here is that the downloaded ISO is out of backend management.
>
> In this case, Kimchi is used as a desktop virtualization management
> soft. Libvirt already provides a "session" mode to solve desktop
> virtualization privilege problem. We can have the Kimchi backend create
> the VM in "session" mode, so that the VM gets the same privilege as the
> user, and it's able to read the ISO image.
>
> Another solution is that we provide an ISO upload interface to allow
> user to upload the image from his home directory to Kimchi backend. Then
> Kimchi store the image in /var/lib/libvirt/images and take over the
> control. This solution keeps Kimchi in the server virtualization way,
> which is its original orientation, to compete with XXWare server.

This may be complicated by limitations of HTTP.  There may be some sort 
of maximum size permitted which is at or below the typical size of an 
Linux installation ISO image.  I'm not knowledgeable in that area, but 
I've seen issues like that.

Regards,
Paul Clarke

More information about the Kimchi-devel mailing list