Host Filesystem Sharing #1180

Closed
raduweiss opened this issue Jul 15, 2019 · 12 comments
Labels
Roadmap: Tracked Items tracked on the roadmap project.

Comments

@raduweiss
Contributor

This feature is in high demand, and we formerly rejected the p9-based implementation for security concerns. With the advent of things like virtio-fs and other ideas of how to achieve this functionality, we will need to research our options and revisit the threat model impact.

Related issues: #889

@zgen0623

zgen0623 commented Aug 8, 2019

With this feature, can Firecracker work with overlay-fs just like Docker?

@raduweiss
Contributor Author

We don't know yet. The next step here will be to research the existing options and their trade-offs.

Basically, everything in the Researching part of the roadmap has a "feature is desirable but design & plans TBD" status.

@fanux

fanux commented Sep 12, 2019

I think supporting Kubernetes PV block is better...

@zmlcc

zmlcc commented Oct 11, 2019

VirtioFS has been merged into mainline. I think supporting this driver would solve the sharing problem.

@raduweiss
Contributor Author

Closing this for now as it doesn't look like a path we need to take Firecracker on. Our line of reasoning is detailed in #1351. @zmlcc thanks for the work on that PR; it eventually caused us to consider this carefully and reach a decision here.

@wenhuizhang

I used configuration:

root@n192-191-015:~/opt/kata/share/defaults/kata-containers# cat /etc/kata-containers/configuration.toml
[hypervisor.firecracker]
path = "/root/opt/kata/bin/firecracker"
kernel = "/usr/share/kata-containers/vmlinux.container"
image = "/root/opt/kata/share/kata-containers/kata-containers.img"

rootfs_type="ext4"
enable_annotations = ["enable_iommu"]
valid_hypervisor_paths = ["/root/opt/kata/bin/firecracker"]
jailer_path = "/root/opt/kata/bin/jailer"
valid_jailer_paths = ["/root/opt/kata/bin/jailer"]
kernel_params = ""
default_vcpus = 1
default_bridges = 1
default_memory = 2048
default_maxmemory = 0



disable_block_device_use = false
shared_fs = "virtio-fs"
virtio_fs_daemon = "/root/opt/kata/libexec/virtiofsd"
valid_virtio_fs_daemon_paths = ["/root/opt/kata/libexec/virtiofsd"]
virtio_fs_cache_size = 0
virtio_fs_queue_size = 1024
virtio_fs_extra_args = ["--thread-pool-size=1", "-o", "announce_submounts"]
virtio_fs_cache = "auto"
block_device_driver = "virtio-scsi"
block_device_aio = "io_uring"
enable_iothreads = false
enable_vhost_user_store = false
vhost_user_store_path = "/var/run/kata-containers/vhost-user"
valid_vhost_user_store_paths = ["/var/run/kata-containers/vhost-user"]
vhost_user_reconnect_timeout_sec = 0
valid_file_mem_backends = [""]
pflashes = []
valid_entropy_sources = ["/dev/urandom","/dev/random",""]
disable_selinux=false
disable_guest_selinux=true



[factory]

[agent.kata]
kernel_modules=[]

[runtime]
internetworking_model="tcfilter"
disable_guest_seccomp=true
sandbox_cgroup_only=false
static_sandbox_resource_mgmt=true
disable_guest_empty_dir=false
experimental=[]

and got

root@n192-191-015:~/opt/kata/share/defaults/kata-containers# sudo ctr run --snapshotter devmapper --runtime io.containerd.run.kata-fc.v2 -t --rm docker.io/library/ubuntu:latest test
ctr: failed to create shim task: Timeout after 3s waiting for uevent ScsiBlockMatcher { search: "/0:0:0:0/block/" }: unknown

@dianpopa
Contributor

Hi @wenhuizhang

Firstly, the configuration you posted seems to contain some virtio-fs setup. Firecracker does not have support for that.
Secondly, the replication steps posted are specific to the kata-container setup and we, as the Firecracker maintainers, are not able to provide the proper expertise to help with that.

Thanks!

@alexandru0-dev

> Firstly, the configuration you posted seems to contain some virtio-fs setup. Firecracker does not have support for that.

Is virtio-fs going to be supported?

@zulinx86
Contributor

Hello @alexandru0-dev

virtio-fs support is not currently on our roadmap, as we answered in this comment.
If you have a specific use case requiring virtio-fs, feel free to share it with us.

Thanks!

@alexandru0-dev

@zulinx86 virtiofs would allow high performance for a shared filesystem with the host for when the host or multiple VMs.
I agree with the decision not to add support for 9p.

Also rust-vmm should now support virtio-fs if I'm not mistaken.

I would be happy to discuss the topic.

@paulbaumgart

As an alternative, https://github.com/cloud-hypervisor/cloud-hypervisor is a rust-vmm-based lightweight hypervisor that has virtio-fs support.

@alexandru0-dev

@paulbaumgart Yeah, in fact I was using that one for now, but I was also interested in this project.

9 participants