On 15 May 2015 at 12:28, Daniel P. Berrange <berra...@redhat.com> wrote: > One other thing I should have mentioned is that we don't actually have > one single minimum libvirt version. We actually have a couple of different > minimum versions based on either the architecture or the hypervisor. > > For example, the Parallels hypervisor support was set to 1.2.12 and > the S/390 support was /supposed/ to have been set to 1.0.4, but I see > the devs failed to actally submit that change so I'll be doing that > shortly. > > I think there is a credible argument that we increase the min required > libvirt for LXC, because it requires a pretty new libvirt and kernel > to provide any sensible level of security (ie user namespaces). We're > rather negligent at the moment to let users deploy LXC with older > versions as it is trivial for tenants to escape isolation. > > So the current MIN_LIBVIRT_VERSION is really talking about x86 + KVM > combination. > > We do a really bad job of making this clear anywhere in our docs for > Nova AFAIK. Likewise we don't make any distinction in our docs about > the version we have tested with, vs the versions we are capable of > running with. This is all critical info to people deploying, so they > have guidance as to how much testing of their specific platform they > should do at deployment time.
+1 We need to address this as part of the "feature classification" stuff. We should certainly document what we are testing for all these combinations. As I mentioned before, the same goes for other drivers. We should be clear we don't current test against older versions of Glance/Cinder/Neutron, for example. Thanks, John _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators