Hypervisor Connections
A connection is the primary or top level object in the libvirt API.
The connection is represented with the virConnectPtr object and identified by a URI.
Guest domains
the connection object provides APIs to enumerate the guest domains, create new guest domains and manage existing domains. A guest domain is represented with virDomainPtr object and has a number of unique identifiers(URI).
Libvirt uses Uniform Resource Identifiers (URIs) to identify hypervisor connections. Both local and remote hypervisor are addresses by libvirt using URIs. The URI scheme and path defines the hypervisor to connect to, while the host part of the URI determines where it is located.
Connect to a remote Xen hypervisor on host node.example.com using ssh tunneled data transport and ssh username root:
xen+ssh://root@node.example.com/
Driver model
Each implementation is refereed to as a driver.
When obtaining a instance of the virConnectPtr(which is connecting to hypervisor)object, the application developer can provide a URI to determine which hypervisor driver is activated.
Hypervisor drivers
*Xen: a single system driver runs in the Dom0 host talking directly to a combination of the hypervisor, xenstored and xend.
Example local URI scheme xen:///
* Remote: to secure RPC service talking to a libvirtd daemon.
Encryption and authentication using a choice of TLS, x509 certificates, SASL(GSSAPI/Kerberos) and SSH tunneling. URIs follow the scheme of the desired driver, but with a hostname filled in, and a data transport name appended to the URI scheme.
Example URI to talk to Xen over a TLS channel xen+tsls://somehostname/
- virConnectPtr: represent a connection to an hypervisor.
- virDomainPtr: represent one domain either active or defined (i.e. Existing as permanent config file and storage but not currently running on that node).
- The function virConnectListDomains allows to list all the IDs for the domains active on this hypervisor.
- virNetWorkPtr: represent one network either active or defined.
The function virConnectListNetworks allows to list all the virtualization networks actived on this node.
- virStorageVolPtr: represent one storage volume, ususally this is used as a block device available to one of the domains. The function virStorageVolLookupByPath allows to find the object based on its path on the node.
- virStoragePoolPtr: represent a storage pool, i.e. a logical area which can be used to allocate and store storage volumes. The function virStoragePoolLookupByVolume allows to find the storage pool containing a given storage volume.
Libvirt driver
– LXC: The native Linux container based virtualization technology, available with Linux kernels since 2.6.25. A single privileged system driver runs in the host talking to the kernel. Example privileged URI scheme lxc:///
Python API bindings
-
- The python binding should be complete and are mostly automatically generated from the formal description of the API in XML.
- The bindings are articulated around 2 classes virConnect and virDomain mapping to the C types.
- Functions in the C API taking either type as argument then becomes mehods for the classes, their name is just stipped from the virConnect or virDomain(Get) prefix and the first letter gets converted to lower case.
- for example the C functions:
- int virConnectNumbOfDomains (virConnectPtr conn);
- int virDomainSetMaxMemory (virDomainPtr domain, unsigned long memory);
- ************Become ************
- virConn :: numOfDomains(self)
- virDomain :: setMaxMemory(self, memory)
- virEventRemoveHandle
- Security Connection
- A connection will be classified secure if it is either encrypted or it is running on a channel which is not vulnerable to eavsdropping.
- Event loop integration
- the libvirt APIs use a basic request/response architecture that is generally synchronous.
- That is, a libvirt application calls a libvirt API(the request) which doesn’t return until the action is complete(the response).
- However, a libvirtd server can also generate asynchronous messages and send them to the libvirt application;
- a typical usage of these messages is to inform the libvirt client when a domain has undergone a lifecycle change(like shutdown or restart).
- The libvirt event loop APIs allow an application to register for these asynchronous events and properly handle them.
- The virEventRegisterImpl API registers a set of callbacks that libvirt will call when adding, updating, or removing a handle to watch.
- Glossary of Terms
- Domain – an instance of an operating system running on a virtualized machine provided by the hypervisor.
- Hypervisor – a layer of software allowing virtualization of a node in a set of virtual machines, which may have different configurations to the node itself.
- Node – a single physical server. Nodes may be any one of many different type, and are commonly referred to by their primary purpose. Examples are storage nodes, cluster nodes, and database nodes.
- Storage Pool – a collection of storage media, such as physical hard drives. A storage pool is sub-divided into smaller containers called Volumes, which may then be allocated to one or more Domains.
- Volume – a stroage space, allocated from a Storage Pool. A Volume may be assigned to one or more Domains for use, and are commonly used inside Domains as virtual hard drives.
- CGroups
Using CGroups with libvirt
CGroups is a generic mechanism the kernel provides for grouping of processes and applying controls to those groups.
The grouping is done via a virtual file-system called “cgroup”.
Within this file-system, each directory defines a new group.
因此,groups通过创建一个新的子目录去重组成一个任意的嵌套式的层次体系。
Thus groups can be arranged to form an arbitrarily nested hierarchy simply by creating new sub-directories.
Tunables(改变参数) within a cgroup are provide by what the kernel calls ‘controllers‘, with each controller able to expose one or more tunable or control.
When mounting the cgroups files-system it is possible to indicate what controllers are to be activated.
With each mount point having a different set of(non-overlapping) controllers.
This key idea is that this allows the administrator to construct differing group hierarchies for different sets of controller/tunables.
memory: Memory controller- Allows for setting limits on RAM and swap usage and querying cumulative usage of all processes in the group.
cpuset: CPU set controller- Binding of processes within a group to a set of CPUs and controlling migration between CPUs.
cpuacct: CPU accounting controller- Information about CPU usage for a group of processes.
cpu: CPU schedule controller- Controlling the prioritization of processes in the group.
devices: Devices controller- Access control lists on character and block devices.
freezer: Freezer controller- Pause and resume execution of processes in the group. Think of it as SIGSTOP for the whole group.
net_cls: Network class controller- Control network utilization by associating processes with a ‘tc’ network class.
- /libvirt/src/xenxs/xen_xm.c
- — Xen XM parsing functions, which basically grab information from config file object. and then turn a config record into a lump of XML describing the domain, suitable for later feeding for virDomainCrateXML
- /libvirt/src/xenxs/xen_sxpr.c
- — Xen SEXPR(S-Expression rountines, Security model expression routines) parsing functions,
- /libvirt/src/util/
- — A collection of shared APIs that can be used by any code. this directory is always in the include path for all things built.
- authhelper.c: authentication related utility functions
- cgroup.c: Tools for managing cgroups.
- buf.c: buffers for libvirt
- command.c: Child command execution
- conf.c: parser for a subset of the Python encoded Xen configuration files
- dnsmasq.c && ebtables.c : based on iptables.c
- event.c: event loop for monitoring file handles
- event_poll.c: event loop for monitoring file handles
- hash.c: chained hash tables for domain and domain/connection deallocations
- hooks.c: implementation of the synchronous hooks support
- interface.c: interface support functions // chgIfaceFlags originated from bridge.c
- iohelper.c: Helper program to perform I/O operations on files
- json.c: JSON object parsing/formatting
- memory.c: safer memory allocation
- network.c: network helper APIs for libvirt
- sexpr.c : S-Expression routines to communicate with the Xen Daemon
