Bug 463305

Summary: RFE: [LTC 6.0] 201350:Linux Containers: libvirt support
Product: Red Hat Enterprise Linux 6 Reporter: IBM Bug Proxy <bugproxy>
Component: libvirtAssignee: Daniel Veillard <veillard>
Status: CLOSED CURRENTRELEASE QA Contact: Virtualization Bugs <virt-bugs>
Severity: high Docs Contact:
Priority: high    
Version: 6.0CC: anton, berrange, dyuan, ejratl, jjarvis, syeghiay, veillard, xen-maint
Target Milestone: alphaKeywords: FutureFeature
Target Release: 6.0   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: libvirt-0.7.1-2.el6 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-07-02 19:23:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 356741, 554559, 555199, 555224    

Description IBM Bug Proxy 2008-09-22 21:00:36 UTC 
=Comment: #0=================================================
Emily J. Ratliff <emilyr.com> - 2008-09-16 18:27 EDT
1. Feature Overview:
Feature Id:	[201350]
a. Name of Feature:	Linux Containers: libvirt support
b. Feature Description
Add Linux Containers as another virtualization domain to libvirt. Includes adding the necessary
extensions to define, create, modify, configure, stop and destroy a Linux container.

2. Feature Details:
Sponsor:	Xen
Architectures:
x86
x86_64
ppc64

Arch Specificity: Purely Common Code
Delivery Mechanism: Direct from community
Category:	Xen
Request Type:	Package - Update Version
d. Upstream Acceptance:	In Progress
Sponsor Priority	1
f. Severity: High
IBM Confidential:	no
Code Contribution:	3rd party code
g. Component Version Target:	libvirt 0.4.4 or later

3. Business Case
libvirt support for containers enables Linux Containers to be managed through virt-manager as well
as, though libvirt-cim set of providers by IBM management products (IBM Director/Tivoli)

4. Primary contact at Red Hat: 
John Jarvis
jjarvis

5. Primary contacts at Partner:
Project Management Contact:
Mike Wortman, wortman.com, 512-838-8582

Technical contact(s):
Vivek Kashyap, vivk.com

IBM Manager:
Warren Grunbok II, grunbok.com
Comment 2 Daniel Berrangé 2008-09-23 09:04:13 UTC 
FYI, the container support in libvirt-0.4.5 is very promising but there is significant development required before I'd consider it an enterprise quality solution - development both in the kernel & libvirt. 

A general overview of state as of writing this comment can be seen in this mail

https://lists.linux-foundation.org/pipermail/containers/2008-September/013237.html
Comment 3 IBM Bug Proxy 2009-02-05 05:00:41 UTC 
Kaitlin, assigning to you since this is for libvirt.

libvirt 0.4.6.2 and libvirt-cim 0.5.2 provide the function required here.
Comment 4 IBM Bug Proxy 2009-02-05 21:00:38 UTC 
libvirt needs iproute2 for containers with networking support.

libvirt-cim is dependent on the following:

libvirt              version >= 0.4.6.2
libcmpiutil       version >= 0.4
tog-pegasus   version >= 2.7.0
Comment 5 Daniel Berrangé 2009-06-04 09:57:57 UTC 
FYI, state of upstream LXC driver in libvirt

 - Core libvirt APIs available
 - Ability to use cgroups devices, memory, cpu & cpuacct controllers for resource limitation
 - Ability to add private filesystem mounts within the container
 - Private /dev/pts within the container
 - Private network interfaces within the container, bridged or NATd to LAN.
  - Two potential use cases for LXC driver
     1. Resource isolation of application workloads (memory, cpu, networking)
     2. Virtual OS containers

As of current kernel 2.6.30, only the first use case can be considered feasible for a real world usage. There are still several kernel features missing, before the 'Virtual OS containers' use case can be considered secure & until it is secure, it cannot be used in real world. At the very least we need user namespaces, such that user IDs inside the container are separate from those outside.  I don't see the kernel changes for user namespaces being ready in time for RHEL-6.

Thus from a libvirt POV, it would be feasible to include the LXC driver in RHEL-6 *provided* it is clear that the only intended use case is resource isolation for applications. Virtual OS containers must remain out of scope of support until kernel develops further.

There would also need to be a significant testing effort for the LXC driver in libvirt to make sure the driver itself is robust, and that the kernel resource controllers are actually working as intended.
Comment 6 RHEL Program Management 2009-08-03 20:18:54 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 7 Daniel Veillard 2009-09-21 11:50:29 UTC 
LXC support is actually compiled in libvirt-0.7.1-2 on all arches,
and that should be available on RHEL-6 Alpha 2 . I suggest to double
check this when Alpha 2 comes out and report,

  thanks,

Daniel
Comment 8 John Jarvis 2009-10-15 15:00:17 UTC 
IBM is signed up to test and provide feedback
Comment 9 releng-rhel@redhat.com 2009-10-30 22:11:47 UTC 
Fixed in 'libvirt-0.7.1-2.el6'. 'libvirt-0.7.1-2.el6.2' included in compose 'RHEL6.0-20091029.0'.
Moving to ON_QA.
Comment 10 dyuan 2010-06-24 09:29:42 UTC 
Verified PASSED with libvirt-0.8.1-10.el6(has provided the support for LXC, tested on x86_64 and i386).
Comment 11 releng-rhel@redhat.com 2010-07-02 19:23:37 UTC 
Red Hat Enterprise Linux Beta 2 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.
Comment 12 Red Hat Bugzilla 2023-09-14 01:13:42 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days