Red Hat Bugzilla – Bug 463305
RFE: [LTC 6.0] 201350:Linux Containers: libvirt support
Last modified: 2010-07-02 15:23:37 EDT
Emily J. Ratliff <email@example.com> - 2008-09-16 18:27 EDT
1. Feature Overview:
Feature Id: 
a. Name of Feature: Linux Containers: libvirt support
b. Feature Description
Add Linux Containers as another virtualization domain to libvirt. Includes adding the necessary
extensions to define, create, modify, configure, stop and destroy a Linux container.
2. Feature Details:
Arch Specificity: Purely Common Code
Delivery Mechanism: Direct from community
Request Type: Package - Update Version
d. Upstream Acceptance: In Progress
Sponsor Priority 1
f. Severity: High
IBM Confidential: no
Code Contribution: 3rd party code
g. Component Version Target: libvirt 0.4.4 or later
3. Business Case
libvirt support for containers enables Linux Containers to be managed through virt-manager as well
as, through the libvirt-cim set of providers, by IBM management products (IBM Director/Tivoli)
4. Primary contact at Red Hat:
5. Primary contacts at Partner:
Project Management Contact:
Mike Wortman, firstname.lastname@example.org, 512-838-8582
Vivek Kashyap, email@example.com
Warren Grunbok II, firstname.lastname@example.org
FYI, the container support in libvirt-0.4.5 is very promising but there is significant development required before I'd consider it an enterprise quality solution - development both in the kernel & libvirt.
A general overview of state as of writing this comment can be seen in this mail
Kaitlin, assigning to you since this is for libvirt.
libvirt 0.4.6.2 and libvirt-cim 0.5.2 provide the function required here.
libvirt needs iproute2 for containers with networking support.
libvirt-cim is dependent on the following:
libvirt version >= 0.4.6.2
libcmpiutil version >= 0.4
tog-pegasus version >= 2.7.0
FYI, state of upstream LXC driver in libvirt
- Core libvirt APIs available
- Ability to use cgroups devices, memory, cpu & cpuacct controllers for resource limitation
- Ability to add private filesystem mounts within the container
- Private /dev/pts within the container
- Private network interfaces within the container, bridged or NATd to LAN.
- Two potential use cases for LXC driver
1. Resource isolation of application workloads (memory, cpu, networking)
2. Virtual OS containers
As of current kernel 2.6.30, only the first use case can be considered feasible for real world usage. There are still several kernel features missing before the 'Virtual OS containers' use case can be considered secure, and until it is secure, it cannot be used in the real world. At the very least we need user namespaces, such that user IDs inside the container are separate from those outside. I don't see the kernel changes for user namespaces being ready in time for RHEL-6.
Thus from a libvirt POV, it would be feasible to include the LXC driver in RHEL-6 *provided* it is clear that the only intended use case is resource isolation for applications. Virtual OS containers must remain out of scope of support until the kernel develops further.
There would also need to be a significant testing effort for the LXC driver in libvirt to make sure the driver itself is robust, and that the kernel resource controllers are actually working as intended.
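Added illustration, not part of the bug thread: a check for the property the comment above asks for, namely that user IDs inside the container are separate from those outside. It assumes a later kernel that exposes user namespaces through /proc/<pid>/uid_map (not the 2.6.30 kernel discussed here) and that the file is read from the host's initial namespace; the function names and sample map contents are constructed for the example.

```python
from typing import List, Optional, Tuple

# One uid_map line: (first ID inside the namespace, first ID outside, count)
Mapping = Tuple[int, int, int]


def parse_id_map(text: str) -> List[Mapping]:
    """Parse the contents of a /proc/<pid>/uid_map (or gid_map) file."""
    mappings = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        inside, outside, count = (int(f) for f in fields)
        mappings.append((inside, outside, count))
    return mappings


def host_id(mappings: List[Mapping], inside_id: int) -> Optional[int]:
    """Translate an ID inside the namespace to the outside ID, or None if unmapped."""
    for inside, outside, count in mappings:
        if inside <= inside_id < inside + count:
            return outside + (inside_id - inside)
    return None


def root_is_separated(uid_map_text: str) -> bool:
    """True when UID 0 inside the container is not UID 0 on the host."""
    return host_id(parse_id_map(uid_map_text), 0) != 0


def uid_map_of(pid: int) -> str:
    """Read the map for a running process, e.g. a container's init process."""
    with open(f"/proc/{pid}/uid_map") as fh:
        return fh.read()


# Constructed samples (assumptions, not captured from a real system).
SHARED_IDS = "         0          0 4294967295\n"    # no separate user namespace
SEPARATE_IDS = "         0     100000      65536\n"  # container root is host UID 100000

if __name__ == "__main__":
    for name, sample in (("shared", SHARED_IDS), ("separate", SEPARATE_IDS)):
        print(name, "-> root separated from host:", root_is_separated(sample))
```

A container whose init process reports the first form shares root with the host, which is the situation the comment describes as limiting the driver to resource isolation.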
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release. Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release. This request is not yet committed for
LXC support is actually compiled in libvirt-0.7.1-2 on all arches,
and that should be available on RHEL-6 Alpha 2. I suggest to double
check this when Alpha 2 comes out and report,
IBM is signed up to test and provide feedback
Fixed in 'libvirt-0.7.1-2.el6'. 'libvirt-0.7.1-2.el6.2' included in compose 'RHEL6.0-20091029.0'.
Moving to ON_QA.
Verified PASSED with libvirt-0.8.1-10.el6 (has provided the support for LXC, tested on x86_64 and i386).
Red Hat Enterprise Linux Beta 2 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.