Bestand wählen
Merken

New Developments and Advanced Features in the Libvirt Management API

Zitierlink des Filmsegments
Embed Code

Automatisierte Medienanalyse

Beta
Erkannte Entitäten
Sprachtranskript
the when a when instead of saying I between working only live but projects for about 7 or 8 years now is the time just flies in the on and then it's a total of about so the liver projects and I get so and
about a number of features that we've developed over the last year also played a probably less well um but it's interesting and useful to application developers building specialization applications but I assume that and assume a low level of knowledge of the plant and metallization and but for those of you never
heard of that so is that it's courts stable C library
API and with the number of language bindings to have languages like
Perl Python Java
in the a panel and most most of the ones you do care about and some leaders don't care about there and this we we tried to we try to be a pretty simple to use API and we'll see what about Baccelli points is
that we are in a stable API and that means in the in science you live vote has been going we've never broken the
API and incompatible manner and so if you write an application today and the
goal is usually run as an application against it but in 10 years time and without problems
mean it's a cross platform API and its across hypervisor API
and we support so most hypervisors names and KVM
you zen and both the source and commercial versions of and and to some extent and the height of the VMware ESX the where tests all and all the other VMware variants that use the same API as close to
the and and power hypervisor Annex containers parallels this problem all I'm forgetting that you get you get a
message will work with cross Hypervisor portable and I well GPL-licensed the liquids that architecture and is basically 2 modes which about
works is what we call the stateless architecture and and this is why you just using the liberal arts library and is talking to some other external
system that's maintains the vocalization state and so this architecture is used most notably for the the and where ESX driver and the Microsoft Hyper-V driver because in both cases you've got some an external management server that is maintaining all information and motorization hosts so this talk that elected maintainable state forests then yeah the other type of architecture is
what we call the stateful architecture and this is what we use when there is no other
of component in the stack is maintaining state so we use this to cure mu KVM and so the open and integration and in this case the loop but library is talking to believe that the money and event demon maintains state about tialization Harris and you can see in this example of the application source that that's
library and the library users are generic RPC
mechanism so that the moon the lipid demon and talks to the Curia processes and In the case accumulates that also hear me about the and q mew monitor interface so so that's a very high level view of the architecture of in general that and I wanna get
us talking a bit about some of the interesting features that you may or may not be aware of the half million on that that's the yeah when when you're running virtual machines and bus majority of the time you have some
storage attached to the virtual machines
and and unless you really plus the file system inside emotion machine you don't want to have to the ends using the same as the same time because if you have EXT 3 file-system inside your guests and to just like that of same time young body data left that and so that's that's that's the scenario and now narrative scenarios involving tests is your single and and you're doing saying life migration from 1 place to another you know make sure that 1 motion machine doesn't up running on both halves of the same time as again that stuff is going to happen due dates it so lipids has some notion of access methods and associated with each disk and a disk can either be set up so it's read-only in which case it's safe to share amongst those many guests as you like and that this can be set up as
shared writable in which case and again it can be attached to multiple motion
machines but if you're using decision right moll you using a cluster file system or some other and foster some was
aware of the fact that you can have multiple Our writers at the same time the
all of the folds method of complete this sales as rewrite exclusive and in this case only 1 of the VN access and anyone disk image at a time lose the access modes now the dirty little secret that you may may not be aware of that's never never really enforce this very well that you can set up your disk as rewrites exclusive and liberty was never going to stop the running to guests using the same bestseller mirrors access modes of doing things notice that show the yeah so the past want to use really know we introduce a new structural of events and for all this lease or lock management and this is a way of actually enforcing this access loads the 1st implementation we did have this was using technology technology cosine law which was developed by on the
overt projects and san lock users on something called disk also algorithm and and
maintaining active leases on and virtual this and the actual the actual sound law and locking mechanism uses of distortion cytosolic fleshy looking your disk images directly you know you're quantity of storage was set aside as your and storage for holding leases and dynamics of the method application how they associate these with this image and if you can read the that the Sandler project so although you can use it and with storage on Fs the asset not maintain really don't like doing that we really want you to use science storage for maintaining and this is and and when you've integrated into the 1st this there's 2 ways it can work and what we call the manual approach and the automatic approach not in the manual approach the management applications say about is responsible for saying this leads is associated with this this carriage In a liberal distrust that's when it gets cold that information and so when the guest starts up live but will acquire all of the leases are associated with that and the and and only if administered manages to acquire all races will they have sort of actually succeed and this is a in
in the automatic marriage and you
have to do any special configuration and in automatic mode Lippert's will automatically creates 1 lease for each much of this people associated with your your guests and this pluses and minuses to using automatic road versus manual mode and if your application like reverse all OpenStack than manual mode is probably what using because it's gives you much greater control of exactly how your leases of a stored and maintained that he doing a lightweight virtualization management application and you don't want have to worry about this too much then the automatic mode would do what you need most of the time and 1 last thing about sound log and the sum of places and it's is an active least mechanisms of releases of being continually refreshed and so if there's any I O problems of and refreshing released and then that is detected immediately and the virtual machine is immediately fence by the new processes killed that that gives good response time to uh and storage failures or form looking problems whatever they may be in now 1 of the 1 of the limitations of standard approach I mentioned there is a goes that's the sum of developers only like using it was and storage so if you're and storage is all and has placed on some of the shared file system like plus the oral
and set whatever you might using some not for reusing the solution you want and so we develop this 2nd blocking like infinite that's what you call that look the and and this is not intended to be the default locking mechanism deliberate when you play at all hours in and in the absence of any other configuration and this just takes locks using the posits SC cncl locking mechanism being the on the requires that this deposits features supported by a file system the majority of file system
support this time when you you get the odd cases where and either not supported all possible developers slices using it and I think Oracle O CFs to was the last class is my hurdle when really like using SCNT unlocks account render the exact reason why but I'm in a majority of cases and this is going to be workable notion file system the and at this point in time it only works with an automatic and automatic method this is when the birds automatically determines what blocks are and the way we do that is based on the file all the and much of this backing store and we're we're we will either take a shot 256 patch of the final task and that's the full mechanism you can also tell it's and that's if you're using LDA and storages you'll have but you just you intend to do lots based on the LVM UUID and off using and Fibre Channel or some other the storage mechanism it intended to do lot space on the scuzzy and unique ID of love that just slightly better than doing it based on the final path because if you storage appears in different file Pavel different hosts then and the latter 2 mechanisms and stable across hosts plus slightly safer if q who is looking at the architecture
has and that change when you're kind of looking mode the answer is not really very much and that you're a new driver inside let's just sort of look even using a simple RPC mechanism so whenever you start a guest the 1st thing it does is it the but multi answers and acquire lock all of these disk images and only that succeeds with will URI process then actually started the and and these slots are also actually and release them reacquired whenever you pause virtual-machine uh which is the key to making migration work that's not enough
about this blocking the next thing I want to talk
about this and access control In historically
looked at a very simple access control mechanism and if you're talking to live but over Unix domain sockets you can either talk to it so that we could read only sockets or the read write sockets that basically does exactly what it sounds like it because if you talk to the read-only socket you can get information about the your virtual machines in your host the any changes in and it you told to the read write socket you can do whatever you like with no restrictions whatsoever this is fine for many applications and OpenStack over and those applications basically want you do anything at any time so that's the problem and other
applications and say the talk with the monitoring application that any a once we have the
access to the query by alive in but every now and then people crop up on a mailing list saying well we go do fine grained access control and so are we have to say user Frank can access the virtual machine and he can do X Y and Z operations on it so we developed and access control mechanism and about which allows you to express rules like that and his access control mechanism operates across all of the drivers that live inside with that statement that's KTN here mu lxy meaning and user-mode Linux anyone really uses that's still an who the access control mechanism doesn't affect the status drivers like VMware or height of the because that would be really pretty pointless to do something that would involve to ask access control in the liver to clients flowing around the access control just by talking directly to the endless of so we don't even attempt to access control follows radioactive control things well it that is the exclusive right of access to the functionality and the access control mechanism was done in a pluggable manner because we anticipate what over over time people will want to integrate with different and access control mechanisms and which we explicitly don't want allow closed-source out of tree plug-ins and all of the access control buttons and it works we will not be open source and maintained as a normal part of the liberal arts and care development process so although we are pluggable framework was a sort of free-for-all for anyone to do whatever they like and if you have other requirements for access control mechanisms comes about making this proposal and and we can work them into the and corner that relates the in so the 1st
and currently only access control mechanism we have it is based on policy gives and every every Lippert's API as 1 or more conditions associated with that's when he the API documentation it'll tell you exactly what conditions are required for which API and then we map was permissions into policy kids um actions so if you want the start commission on and the the main objects like it's not in the policy action cold all Lippert's API to make it got started and there's a whole bunch of these missions which you again find in the online API documentation for the words so you figure out what the mapping is running the eyes now and the same as any part of the information you need to know and was gonna identify the object your manager inside the virtual machine for example the and this 3 unique identifiers for virtual machine there's an integer ID and there's a human-friendly name or there's a globally unique uniform and unique identifier UUID harmed and very is a variety of different ways to identify the objects that you're wanting to control and finally even identify the use of different restrict access to and partly due to limitations of policy we can only identify local units you those and so this this mechanism is only useful if the finitary control is running on the same host of let's talk into it over the Unix domain sockets really need to know the local units user and the ideas and once you have all that information the mission we objects only use up you know and
defining some rules for managing its policy kids and has
a jobless scripts and and see your actual access control rules and of a written in JavaScript and in and the number of objects provided to you the than actually action object which tells you this 1 at the I think of it as a subject object which tells you the user is invoking it and eliminate the actual date has a number of properties so identified and the objects this short example I'm looking at API tool the mission of contact from green and user in ferreting myself and an looking at the next really only Annex C hypervisor with enabling them and all things match them we allow access if they don't match that we deny access I mean this is a supernova a trivial example that is not really the way you do it in the real world because if you have defined will be everything 11 individual permission for every individual objects you you get a job script file tens or hundreds of thousands of lines long if and so if you do use of real world you probably set of roles assigned and the final set of users which and same role set of objects which you are manager the same way and then write your also the American roles study groups of objects that would and readily compresses the amount of and rules you have to write we don't we don't provide a thing so particularly helpful lessons this time and physicists fairly new functionality we're really looking for people to
try it out and give us feedback on what works and what doesn't work and what's extra things would be helpful for that but to provide and this area in and know the reason why we
chose to use policy get was the 1st time and the 1st engine for access control is because we had the idea that if you guess right transferred back and well I'm using a right of jobs trips to integrate with held at that you would find all of your rules another database vendors query them use when jobs 15 repairs technical policy gets to held and rules database and all 1 and the other databases access control rules you might have once again we're looking for feedback on whether this actually works out in practice or whether we need to write a dedicated out authentication back ends as an alternative that we we need feedback on this area and doesn't the
access control now and and our at a little bit about found
experts as 1st is the generic term for our and socialization security there this started out with an implementation for as the limits and the idea here was that's you running running loss aversion machines 1st machine is that you and your process of here you while this is attempting to be secure all and if they've got the code exactly perfect but it might be secure but it's reassuring us that the cumulative is actually effects and this may come as a surprise to some people in my notes and the idea with semantics is that we have an extra line of defense In the event that there's some Florida you're mu but allows the castle them to break out into the host acidic so we used to confine that break out within and they within the
Curia process so like can compromise here music the common don't compromise the entire
host did and the of q mew
processes or also running as the
same user ID by default so if you are a Conway's 1 q and you can easily compromise all the other ones so as the Linux also actually protects class Pentagon won't get something like the other guests this and this is a been around for quite a while and but in the in the past year or 2 we made this a bit more flexible the given more choice over and the acid and its domain from users the that she now what's the both KB and and can you and emulation modes the and water and even if it's the defined customer of rights for those for the labeling so if it's if the standard residents policy doesn't work for you you can write a customers as events policy in tell about use that 1 instead being we've also made it possible to override the labeling on individual disk images city have some disk images you would have labeled 1 way or or another this unit labor that different ways you can you can now and so that was kind of rules and and the other thing about having the framework and we now
introduce the proper discretionary access control
mechanism and so a few minutes ago I said every q mew process once the same
his right knee well now it's possible to give them all their own unique user writing and so rely on traditional Unix commissioning so seperates and your cure processes securely and and you have Lippert's and current once cardiac assigned those those user ID is
podcasts and statically and little take care of dynamically setting
the ownership of the disk images and to match whatever use right gas runs on the the slightly related and a also not
entirely related and is called logging that if if you always keep
track of who's doing what universalization Harris you wanna know what you want 1 know what's operations of of happens the audit log provides a way to find this out so whenever live that starts or stops of emotion machine will generate an audit record that's that operation saying and when it starts at what incidents domain is running under and the UUID of the gas than a few other pieces of information it will also tell you how many vertices use I guess has and how much memory was assigned all of the disk images that were assigned to that test so you can look back in your old enough to say well which guess was accessing this disk image of what time means you can find out what networks is connected to when it started on whole blood operations were done I and what you find out what some see groups access control settings where were done for block storage this this 1 the audit information recorded about emotion machine any time any changes made to it so if you have an exploited the galactic audit logs and find out what what I guest was allowed to do that may help you diagnose the problem here is also general dividing and debug logging historically we we use sort assist uh but now and system B is available in many distributions we've integrated with the
system the journal so involved information we sent to the journal by
default if it's available and in a structured format so that makes it a lot easier to extract information from the logs for a radically and match on and anything right down to individual source file minds the the last thing a free time for romance is syrups integration now live but pregnancy C groups for quite a long time but the way we do that information was not really was already to useful it turns out in the 1st the way we laid out cigarettes of very deep hierarchy cause a lot of pathological kernel performance problems the sense
that time it was completely unusable if we had and largest in the
guests I'm more lots of just running the canon guys thankfully fixed most of the kernel all problems and the same time we simplify the wavelet that uses the groups to avoid tickling has come from the 1st place the and we know what 1 of the top example that was the review where it in its we was had 3 levels deep enough of C groups and I'm in a new way if you're not using a system the as we've got some 1 naming convention if you are using a system the host then we're a lot rely system beat creates leaders forests so the system the naming convention in the key takeaway is that at the very top level you got a lot of free group of the next level antibody a bunch machines so you cannot easily set of arbitrary groups of larger machines and and that of my resource controls the whole groups of the ends of the time and when you do this in
the XML configuration field tests you can
attain resource partitioning and that on a known system the host with napus insert and and a C group directory I'm using very straightforward and intention and since the initial tests as well and we really when that in using the system the naming conventions so the VM groups have long thought slice and appended to the name possess the system the name for our a generic resource for you can of the type of the and the devotion machines have telescope depended on the end of the name just on the source of this kind of 1 thousand 2 levels deeper grouping and and so you can multiple levels of grouping virtual machines and and once you once you set up your your secrets is there is a whole bunch of performance to have also become available to you the set of relative CPU weighting which is the new shares tunable or you can set up absolute time slices and most of them listening and quarter and the period
both this both in microsecond rightly In a related to
Tunis CP years and you can set up the named CPU models if you have some CPU model you would get you to get some generic default the KVM things aplicable and you another be making best use of the all a your intent or NBC features so that you really wanna set up named CPU models which is closely match your physical views as possible you use these every last ounce of velocity of calls did memory and this
is another another very important thing if you want to maximize the utilization of your hardware as dictated by the new machine if you're not doing um numer placements then your straight away and the
benefits of the machine in the you can control this manually by telling that that's
what the memory nodes you want said at the end of
or you can tell me what do it automatically then the automatic case the model talks about something called him the and this is just a very simple odel at the moment when the this Newman notice that a lot of
resources for what is the average and it is also 1 have control over what you want
to use huge pages and
again this this give you a bit of a performance benefits although with sort of string kernels you now have automatic huge page supports there's not as much benefit doing huge page manually anymore the and you can also turn on and off there the memory sharing so if you have lots of pleasure machines all running same software stack chances are legal lot of memory pages which have the same data in them and so there's something called that a feature comparison which might
find as many pages which are identical an emergency you only have 1 copy of this memory
page shared amongst but multiple virtual machines and the gets the higher density of virtual machines this value can squeeze more what machines into your and who the and what they can also define various limits on how memory is used by such machines and whether our shared physical rarely have uh I was the grass that guaranteed to have a a few other
things in the all and only the output disk you tho because at a whole bunch of policies against virtual disks insects
and how many I O operations per 2nd there about how much the and mean bytes per 2nd they're allowed and he also said there's only 1 of the 11 level as a whole serious if such machines using physical property prices you can even set of policy against individual physical plot devices will to and all of a disk so that the end users so that the end use on land lives on a block storage and so it
is but it has this is not the last
slide the old men where again dataset of various policies on and bandwidth utilization which just delegates to the next extract shape and that's basically it's less of wage floor of some of the features of live that arrived in the
last year that's a useful for application developers to know about the rest of your heart so now we gotta find 10 minutes for questions 5 5 minutes for questions if anyone has any the the OK again the
the 1 question that I got actually 3 questions the produce about talking about applications of about 1 simple application which is which which are like a little stress that man it's the best I can generate good with the shell and I can also you will use words miniature firmly lazy and about this whole thing is you told about the would probably related to worship you can blend implemented in the new feature in worship as well like like you said the bubble looking thing and think of like that at all part application like verify that's what the goal of our State as directly to the functionality to the Administrator we don't we inside we don't fully policy and that's what we want we really people control of the so we don't want to make use of this blocking they have to explicitly specify that in in the configuration they provide a bunch machines but there won't be something like an example of the option where can say do walking the election remained in the domains this cation Solomon locking because of the whole you have administrator you can turn on locking on the highest and all that machine bind the habitat loss properly you have but will like to do the the the little machine like this said about that mn looking thing that you have to do you have in Europe and explicitly specify the law in XML iteration but it's possible that and OK and then the 2nd I try to keep vote them you saw this book about policy kit and and and you have you thought about using them in a larger bill against in mobile and that yes we have but it's it doesn't really it is we do what we needed to do as far as I'm afraid I can't tell if and only if you said he think otherwise the freedom rides out of my response and I think efficiently tractable OK always and then use both the bulk of the units in the back and you want to use that x about the UDC the bag and yet the esthetic through with the bald local users but when I would use the yellow pages them the I can do that always had the opening of the use of having any application connected with the Unix domain sockets as a navigation anything over that the the sockets OK but if you make the main focus we can bring our query what the user ID on the other end of it and that the 3rd I'm quite sure about the the CPU mobile about the features like that they emanates for example that uh and all those things that the multithreaded perceive you so when I got the 1 CPU with that say 8 costs about got 16 we st can I use the the feature at 60 wins or just that nearly as paying a fee and actually doing what the impending firing of the you I can only go see the same feature set but it you can use them at the same time the mean of the virtualization take care of take care about alienating the lot but the this is is from this is that then can they use let's say this is the 4th 1 is something for all 60 machines ended yet with that I think I had a 5 questions that come find me haven't always opposite there have got questions
thank students you know what the
Total <Mathematik>
Virtualisierung
Ein-Ausgabe
Zahlenbereich
Kartesische Koordinaten
Projektive Ebene
Softwareentwickler
Informationsmanagement
Computeranimation
Übergang
Schnelltaste
Stabilitätstheorie <Logik>
Punkt
Formale Sprache
Zahlenbereich
Systemplattform
Computeranimation
Eins
Schnelltaste
Formale Sprache
Witt-Algebra
Standardabweichung
Programmbibliothek
Hypercube
Programmbibliothek
Abstimmung <Frequenz>
Schnelltaste
Formale Sprache
Standardabweichung
Witt-Algebra
Hypercube
Systemplattform
Kartesische Koordinaten
Programmbibliothek
Computeranimation
Portabilität
Softwaretest
ATM
Architektur <Informatik>
Open Source
Versionsverwaltung
Systemplattform
Flüssiger Zustand
Computeranimation
Schnelltaste
Witt-Algebra
Formale Sprache
Standardabweichung
Hypercube
Computerarchitektur
Programmbibliothek
Maßerweiterung
Parallele Schnittstelle
Mobiles Endgerät
Message-Passing
Leistung <Physik>
Architektur <Informatik>
Wald <Graphentheorie>
Hyper-V
Open Source
Physikalisches System
Computeranimation
Softwarewartung
Datenmanagement
Druckertreiber
Hydrostatischer Antrieb
Datentyp
Programmbibliothek
Server
Information
Computerarchitektur
Aggregatzustand
Loop
Architektur <Informatik>
Open Source
Programmbibliothek
Zusammenhängender Graph
Kartesische Koordinaten
Aggregatzustand
Computerarchitektur
Dämon <Informatik>
Ereignishorizont
Computeranimation
Aggregatzustand
Bit
Prozess <Physik>
Sichtenkonzept
Architektur <Informatik>
Default
Aggregatzustand
Computeranimation
Übergang
Spezialrechner
Virtuelle Maschine
Witt-Algebra
ATM
Programmbibliothek
Bus <Informatik>
Mini-Disc
Dämon <Informatik>
Schnittstelle
Softwaretest
Spezialrechner
Videospiel
Virtuelle Maschine
Migration <Informatik>
Mini-Disc
ATM
Default
Dateiverwaltung
Mini-Disc
Speicher <Informatik>
Computeranimation
Algorithmus
ATM
Termersetzungssystem
Default
Implementierung
Disjunktion <Logik>
Gesetz <Physik>
Speicherbereichsnetzwerk
Computeranimation
Entscheidungstheorie
Physikalisches System
Spezialrechner
Datenmanagement
Witt-Algebra
Rechter Winkel
Last
Mini-Disc
ATM
Dateiverwaltung
Mini-Disc
Faltung <Mathematik>
Trigonometrische Funktion
Bildgebendes Verfahren
Algorithmus
Kraftfahrzeugmechatroniker
Diskretes System
Open Source
Kartesische Koordinaten
Gesetz <Physik>
Speicherbereichsnetzwerk
Quick-Sort
Computeranimation
Physikalisches System
Datenmanagement
Mini-Disc
Speicherbereichsnetzwerk
Offene Abbildung
Projektive Ebene
Verzerrungstensor
Information
Mini-Disc
Speicher <Informatik>
Bildgebendes Verfahren
Gewichtete Summe
Prozess <Physik>
Virtualisierung
Kartesische Koordinaten
Login
Computeranimation
Virtuelle Maschine
Physikalisches System
Bildschirmmaske
Datenmanagement
Reverse Engineering
Dateiverwaltung
Inverser Limes
Response-Zeit
Softwareentwickler
Speicher <Informatik>
Konfigurationsraum
SCSI
Kraftfahrzeugmechatroniker
ATM
Algorithmus
Gerichtete Menge
Güte der Anpassung
Speicherbereichsnetzwerk
Witt-Algebra
Gamecontroller
Mini-Disc
Standardabweichung
SCSI
Kraftfahrzeugmechatroniker
Stabilitätstheorie <Logik>
Subtraktion
Gerichtete Menge
Punkt
Ortsoperator
Eindeutigkeit
Program Slicing
Klasse <Mathematik>
p-Block
Elektronische Publikation
Computeranimation
Task
Cyberspace
Patch <Software>
Witt-Algebra
Caching
Dateiverwaltung
Computerarchitektur
Speicher <Informatik>
Softwareentwickler
Konfigurationsraum
Default
Kraftfahrzeugmechatroniker
ATM
Multiplikation
Architektur <Informatik>
Druckertreiber
Prozess <Physik>
Mini-Disc
Migration <Informatik>
Mathematisierung
Schlüsselverwaltung
Bildgebendes Verfahren
Quick-Sort
Computeranimation
Schreiben <Datenverarbeitung>
Kartesische Koordinaten
Socket-Schnittstelle
Computeranimation
Netzwerktopologie
Virtuelle Maschine
Zugriffskontrolle
Domain-Name
Witt-Algebra
Regelkreis
Gamecontroller
Socket
Information
Druckertreiber
Lesen <Datenverarbeitung>
Prozess <Physik>
Kartesische Koordinaten
Framework <Informatik>
Computeranimation
Netzwerktopologie
Virtuelle Maschine
Client
Regelkreis
Softwareentwickler
Druckertreiber
E-Mail
Nichtlinearer Operator
Lineares Funktional
Befehl <Informatik>
Open Source
Disjunktion <Logik>
Schlussregel
Mailing-Liste
Plug in
Quick-Sort
Netzwerktopologie
Arithmetisches Mittel
Zugriffskontrolle
Druckertreiber
Rechter Winkel
Witt-Algebra
Mereologie
Gamecontroller
Objekt <Kategorie>
Stellenring
Domain <Netzwerk>
Subtraktion
Konfiguration <Informatik>
Gruppenoperation
Socket-Schnittstelle
Computeranimation
Virtuelle Maschine
Domain-Name
Einheit <Mathematik>
Uniforme Struktur
Regelkreis
Inverser Limes
Druckertreiber
Demo <Programm>
Informationsmanagement
Kraftfahrzeugmechatroniker
Eindeutigkeit
Stellenring
Schlussregel
Schlussregel
Gruppenoperation
Mapping <Computergraphik>
Objekt <Kategorie>
Gruppenkeim
Witt-Algebra
Ganze Zahl
Konditionszahl
Mereologie
Gamecontroller
Wort <Informatik>
Identifizierbarkeit
Information
Varietät <Mathematik>
Beobachtungsstudie
Lineares Funktional
Physiker
Zehn
Matching <Graphentheorie>
Kategorie <Mathematik>
Green-Funktion
Gruppenoperation
Gruppenkeim
Zahlenbereich
Schlussregel
Elektronische Publikation
Computeranimation
Schlussregel
Objekt <Kategorie>
Menge
Witt-Algebra
Prozess <Informatik>
Gamecontroller
Skript <Programm>
Gerade
Demo <Programm>
Informationsmanagement
Hydrostatik
Rückkopplung
Bit
Datenhaltung
Default
Gasströmung
Schlussregel
Computeranimation
Schlussregel
Flächeninhalt
Witt-Algebra
Prozess <Informatik>
Rechter Winkel
Gamecontroller
Äußere Algebra eines Moduls
Authentifikation
Mini-Disc
Demo <Programm>
Soundverarbeitung
Hydrostatik
Expertensystem
Einfügungsdämpfung
Prozess <Physik>
Atomarität <Informatik>
Computersicherheit
Default
Gasströmung
Ereignishorizont
Code
Computeranimation
Formale Semantik
Generizität
Virtuelle Maschine
Witt-Algebra
Gruppe <Mathematik>
Kontrollstruktur
Inverser Limes
Mini-Disc
Gerade
Hydrostatik
Bit
Prozess <Physik>
Wasserdampftafel
Atomarität <Informatik>
Klasse <Mathematik>
Framework <Informatik>
Computeranimation
Eins
Arbeit <Physik>
Domain-Name
Einheit <Mathematik>
Mini-Disc
Default
Bildgebendes Verfahren
ATM
Default
Schlussregel
Gasströmung
Ereignishorizont
Rechter Winkel
Witt-Algebra
Emulator
Mini-Disc
Standardabweichung
Digital-Analog-Umsetzer
Spezialrechner
Hydrostatik
Kraftfahrzeugmechatroniker
Prozess <Physik>
Witt-Algebra
Default
Eindeutigkeit
Ablöseblase
Gamecontroller
Schreiben <Datenverarbeitung>
Gasströmung
Eigentliche Abbildung
Computeranimation
Hydrostatik
Distributionstheorie
Mathematisierung
Gruppenkeim
ROM <Informatik>
Inzidenzalgebra
Login
Computeranimation
Open Source
Spezialrechner
Virtuelle Maschine
Message-Passing
Domain-Name
Knotenmenge
Weg <Topologie>
Datensatz
Mini-Disc
Operations Research
Speicher <Informatik>
Grundraum
Bildgebendes Verfahren
Softwaretest
Nichtlinearer Operator
Datennetz
Default
Gasströmung
Physikalisches System
p-Block
Quick-Sort
Digital-Analog-Umsetzer
Funktion <Mathematik>
Menge
Witt-Algebra
Rechter Winkel
Login
Festspeicher
Gamecontroller
Information
Kontrollstruktur
Freeware
Physikalischer Effekt
Default
Gruppenkeim
Hierarchische Struktur
Physikalisches System
Quellcode
Login
Computeranimation
Kernel <Informatik>
Integral
Open Source
Message-Passing
Funktion <Mathematik>
Gruppentheorie
Witt-Algebra
Dateiformat
Information
Default
Wald <Graphentheorie>
Kontrollstruktur
Default
Gruppenkeim
Gibbs-Verteilung
Physikalisches System
Computeranimation
Übergang
Kernel <Informatik>
Virtuelle Maschine
Witt-Algebra
Wavelet
Gruppentheorie
Freie Gruppe
Multitasking
Einfügungsdämpfung
Gewicht <Mathematik>
Kontrollstruktur
Program Slicing
Gruppenkeim
Absoluter Raum
Zentraleinheit
Computeranimation
Übergang
Virtuelle Maschine
Physikalisches System
Gruppentheorie
Datentyp
Emulator
Konfigurationsraum
Softwaretest
Open Source
Relativitätstheorie
Datenmodell
Physikalisches System
Frequenz
Partitionsfunktion
Menge
Modelltheorie
Verzeichnisdienst
Zentraleinheit
Geschwindigkeit
Informationsmodellierung
Witt-Algebra
Festspeicher
Datenmodell
Systemaufruf
Emulator
Modelltheorie
Zentraleinheit
Default
Zentraleinheit
Computeranimation
Hydrostatik
Hardware
Momentenproblem
Mengentheoretische Topologie
Softwarewerkzeug
Gasströmung
Kardinalzahl
ROM <Informatik>
Computeranimation
Inverser Limes
Homepage
Virtuelle Maschine
Informationsmodellierung
Witt-Algebra
Festspeicher
Zentraleinheit
Betriebsmittelverwaltung
Hydrostatik
Bit
Mengentheoretische Topologie
Keller <Informatik>
Gasströmung
Paarvergleich
ROM <Informatik>
Quick-Sort
Computeranimation
Inverser Limes
Homepage
Homepage
Kernel <Informatik>
Virtuelle Maschine
Witt-Algebra
Mittelwert
Software
Festspeicher
Gamecontroller
Betriebsmittelverwaltung
Zentraleinheit
Zeichenkette
Hydrostatik
Mengentheoretische Topologie
Gasströmung
ROM <Informatik>
Computeranimation
Inverser Limes
Homepage
Dichte <Physik>
Homepage
Virtuelle Maschine
Festspeicher
Inverser Limes
GRASS <Programm>
Zentraleinheit
Betriebsmittelverwaltung
Hydrostatik
Mengentheoretische Topologie
Virtuelle Realität
Kategorie <Mathematik>
Physikalismus
Gasströmung
Plot <Graphische Darstellung>
p-Block
ROM <Informatik>
Computeranimation
Homepage
Übergang
Arithmetisches Mittel
Virtuelle Maschine
Gewicht <Mathematik>
Witt-Algebra
Mini-Disc
Total <Mathematik>
Mini-Disc
p-Block
Speicher <Informatik>
Betriebsmittelverwaltung
Zentraleinheit
Funktion <Mathematik>
Rechenschieber
Shape <Informatik>
Witt-Algebra
Datennetz
Softwarewerkzeug
Bandmatrix
Kartesische Koordinaten
Bandmatrix
Migration <Informatik>
Softwareentwickler
Computeranimation
Einfügungsdämpfung
Virtualisierung
t-Test
Iteration
Kartesische Koordinaten
Zentraleinheit
Gesetz <Physik>
Socket-Schnittstelle
Computeranimation
Homepage
Virtuelle Maschine
Domain-Name
Einheit <Mathematik>
Endogene Variable
Konfigurationsraum
Metropolitan area network
Schnelltaste
Lineares Funktional
Mobiles Internet
Programmverifikation
Systemverwaltung
Abfrage
Fokalpunkt
Software Development Kit
Konfiguration <Informatik>
Videokonferenz
Arithmetisches Mittel
Diskrete-Elemente-Methode
Offene Menge
Mereologie
SOLOMON <Programm>
Gamecontroller
Wort <Informatik>
Normalspannung
Aggregatzustand

Metadaten

Formale Metadaten

Titel New Developments and Advanced Features in the Libvirt Management API
Serientitel FOSDEM 2014
Autor Berrange, Daniel
Lizenz CC-Namensnennung 2.0 Belgien:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.
DOI 10.5446/32583
Herausgeber FOSDEM VZW
Erscheinungsjahr 2014
Sprache Englisch

Inhaltliche Metadaten

Fachgebiet Informatik
Abstract Topics to be covered in the talk include * Capabilities for mutual exclusion / locking of guest disk images * Fine grained access control against individual operations, users and objects in the API * The sVirt mandatory access control framework * Auditing and structured logging via the systemd journal * Integration with systemd and cgroups for resource management In the 8+ years since it has been founded, the libvirt project has grown to become the leading open source API for the management of virtualization hosts, with a strong focus on supporting the open source virtualization & container technologies, KVM, QEMU, Xen and LXC. Many people working in the open source virtualization management space already have an understanding of the core features and architecture of libvirt. This talk will thus focus on a selection of recently developed features and of some of the other important, but less well known, features of libvirt. The talk will be targeted at virtualization application developers using libvirt, with a bias towards those using KVM or LXC. At the end of the talk the audience will better understand how to take advantage of libvirt for their development need

Ähnliche Filme

Loading...
Feedback