Re: [Qemu-devel] [PATCHv4] block: add native support for NFS
On 2013年12月26日 14:10, ronnie sahlberg wrote: On Wed, Dec 25, 2013 at 9:42 PM, Fam Zheng wrote: On 2013年12月21日 00:04, Peter Lieven wrote: This patch adds native support for accessing images on NFS shares without the requirement to actually mount the entire NFS share on the host. NFS Images can simply be specified by an url of the form: nfs: For example: qemu-img create -f qcow2 nfs://10.0.0.1/qemu-images/test.qcow2 You need LibNFS from Ronnie Sahlberg available at: git://github.com/sahlberg/libnfs.git for this to work. During configure it is automatically probed for libnfs and support is enabled on-the-fly. You can forbid or enforce libnfs support with --disable-libnfs or --enable-libnfs respectively. Due to NFS restrictions you might need to execute your binaries as root, allow them to open priviledged ports (<1024) or specify insecure option on the NFS server. What are the error messages like, if no privilege. Is root always required for this to work? NFS servers often default to only allow client connections that originates from a system port. I know three different ways to solve this: 1, Run QEMU as root, which allows libnfs to bind to a system port. This is probably suboptimal since I guess most people would want to avoid running qemu as root if they can avoid it. 2, Change the NFS server to allow connections from nonsystem ports. On linux NFS servers this is done by adding "insecure" as the export option in /etc/exports. This may be preferable to option 1 (since secure/insecure does not really add much security in the first place). 3, Assign the capability to qemu to bind to system ports when running as non-root user. This is probably the most attractive option of the three. You can still run qemu as non-root and you dont have to change the security mode on the NFS server. It is highly non-portable though and only work on platforms that provide capabilities. On linux you add this capability using : sudo setcap 'cap_net_bind_service=+ep' /path/to/executable Thank you very much for elaboration, Ronnie. It's clear to me now and hopefully this can help users with their setup too. Fam
Re: [Qemu-devel] [PATCHv4] block: add native support for NFS
On Wed, Dec 25, 2013 at 9:42 PM, Fam Zheng wrote: > On 2013年12月21日 00:04, Peter Lieven wrote: >> >> This patch adds native support for accessing images on NFS shares without >> the requirement to actually mount the entire NFS share on the host. >> >> NFS Images can simply be specified by an url of the form: >> nfs: >> >> For example: >> qemu-img create -f qcow2 nfs://10.0.0.1/qemu-images/test.qcow2 >> >> You need LibNFS from Ronnie Sahlberg available at: >> git://github.com/sahlberg/libnfs.git >> for this to work. >> >> During configure it is automatically probed for libnfs and support >> is enabled on-the-fly. You can forbid or enforce libnfs support >> with --disable-libnfs or --enable-libnfs respectively. >> >> Due to NFS restrictions you might need to execute your binaries >> as root, allow them to open priviledged ports (<1024) or specify >> insecure option on the NFS server. >> > > What are the error messages like, if no privilege. Is root always required > for this to work? NFS servers often default to only allow client connections that originates from a system port. I know three different ways to solve this: 1, Run QEMU as root, which allows libnfs to bind to a system port. This is probably suboptimal since I guess most people would want to avoid running qemu as root if they can avoid it. 2, Change the NFS server to allow connections from nonsystem ports. On linux NFS servers this is done by adding "insecure" as the export option in /etc/exports. This may be preferable to option 1 (since secure/insecure does not really add much security in the first place). 3, Assign the capability to qemu to bind to system ports when running as non-root user. This is probably the most attractive option of the three. You can still run qemu as non-root and you dont have to change the security mode on the NFS server. It is highly non-portable though and only work on platforms that provide capabilities. On linux you add this capability using : sudo setcap 'cap_net_bind_service=+ep' /path/to/executable regards ronnie sahlberg
Re: [Qemu-devel] [PATCHv4] block: add native support for NFS
On 2013年12月21日 00:04, Peter Lieven wrote: This patch adds native support for accessing images on NFS shares without the requirement to actually mount the entire NFS share on the host. NFS Images can simply be specified by an url of the form: nfs: For example: qemu-img create -f qcow2 nfs://10.0.0.1/qemu-images/test.qcow2 You need LibNFS from Ronnie Sahlberg available at: git://github.com/sahlberg/libnfs.git for this to work. During configure it is automatically probed for libnfs and support is enabled on-the-fly. You can forbid or enforce libnfs support with --disable-libnfs or --enable-libnfs respectively. Due to NFS restrictions you might need to execute your binaries as root, allow them to open priviledged ports (<1024) or specify insecure option on the NFS server. What are the error messages like, if no privilege. Is root always required for this to work? LibNFS currently support NFS version 3 only. Signed-off-by: Peter Lieven --- v3->v4: - finally added full implementation of bdrv_get_allocated_file_size [Stefan] - removed trailing \n from error statements [Stefan] v2->v3: - rebased the stefanha/block - use pkg_config to check for libnfs (ignoring cflags which are broken in 1.8.0) [Stefan] - fixed NFSClient declaration [Stefan] - renamed Task variables to task [Stefan] - renamed NFSTask to NFSRPC [Ronnie] - do not update bs->total_sectors in nfs_co_writev [Stefan] - return -ENOMEM on all async call failures [Stefan,Ronnie] - fully implement ftruncate - use util/uri.c for URL parsing [Stefan] - reworked nfs_file_open_common to nfs_client_open which works on NFSClient [Stefan] - added a comment ot the connect message that libnfs support NFSv3 only at the moment. - DID NOT add full implementation of bdrv_get_allocated_file_size because we are not in a coroutine context and I cannot do an async call here. I could do a sync call if there would be a guarantee that no requests are in flight. [Stefan] v1->v2: - fixed block/Makefile.objs [Ronnie] - do not always register a read handler [Ronnie] - add support for reading beyond EOF [Fam] - fixed struct and paramter naming [Fam] - fixed overlong lines and whitespace errors [Fam] - return return status from libnfs whereever possible [Fam] - added comment why we set allocated_file_size to -ENOTSUP after write [Fam] - avoid segfault when parsing filname [Fam] - remove unused close_bh from NFSClient [Fam] - avoid dividing and mutliplying total_size by BDRV_SECTOR_SIZE in nfs_file_create [Fam] MAINTAINERS |5 + block/Makefile.objs |1 + block/nfs.c | 414 +++ configure | 26 4 files changed, 446 insertions(+) create mode 100644 block/nfs.c diff --git a/MAINTAINERS b/MAINTAINERS index a5ab8f8..09996ab 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -935,6 +935,11 @@ M: Peter Lieven S: Supported F: block/iscsi.c +NFS +M: Peter Lieven +S: Maintained +F: block/nfs.c + SSH M: Richard W.M. Jones S: Supported diff --git a/block/Makefile.objs b/block/Makefile.objs index 4e8c91e..e254a21 100644 --- a/block/Makefile.objs +++ b/block/Makefile.objs @@ -12,6 +12,7 @@ block-obj-$(CONFIG_LINUX_AIO) += linux-aio.o ifeq ($(CONFIG_POSIX),y) block-obj-y += nbd.o nbd-client.o sheepdog.o block-obj-$(CONFIG_LIBISCSI) += iscsi.o +block-obj-$(CONFIG_LIBNFS) += nfs.o block-obj-$(CONFIG_CURL) += curl.o block-obj-$(CONFIG_RBD) += rbd.o block-obj-$(CONFIG_GLUSTERFS) += gluster.o diff --git a/block/nfs.c b/block/nfs.c new file mode 100644 index 000..78fd8a1 --- /dev/null +++ b/block/nfs.c @@ -0,0 +1,414 @@ +/* + * QEMU Block driver for native access to files on NFS shares + * + * Copyright (c) 2013 Peter Lieven + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "config-host.h" + +#include +#include "qemu-common.h" +#include "qemu/config-fi
[Qemu-devel] [PATCHv4] block: add native support for NFS
This patch adds native support for accessing images on NFS shares without the requirement to actually mount the entire NFS share on the host. NFS Images can simply be specified by an url of the form: nfs: For example: qemu-img create -f qcow2 nfs://10.0.0.1/qemu-images/test.qcow2 You need LibNFS from Ronnie Sahlberg available at: git://github.com/sahlberg/libnfs.git for this to work. During configure it is automatically probed for libnfs and support is enabled on-the-fly. You can forbid or enforce libnfs support with --disable-libnfs or --enable-libnfs respectively. Due to NFS restrictions you might need to execute your binaries as root, allow them to open priviledged ports (<1024) or specify insecure option on the NFS server. LibNFS currently support NFS version 3 only. Signed-off-by: Peter Lieven --- v3->v4: - finally added full implementation of bdrv_get_allocated_file_size [Stefan] - removed trailing \n from error statements [Stefan] v2->v3: - rebased the stefanha/block - use pkg_config to check for libnfs (ignoring cflags which are broken in 1.8.0) [Stefan] - fixed NFSClient declaration [Stefan] - renamed Task variables to task [Stefan] - renamed NFSTask to NFSRPC [Ronnie] - do not update bs->total_sectors in nfs_co_writev [Stefan] - return -ENOMEM on all async call failures [Stefan,Ronnie] - fully implement ftruncate - use util/uri.c for URL parsing [Stefan] - reworked nfs_file_open_common to nfs_client_open which works on NFSClient [Stefan] - added a comment ot the connect message that libnfs support NFSv3 only at the moment. - DID NOT add full implementation of bdrv_get_allocated_file_size because we are not in a coroutine context and I cannot do an async call here. I could do a sync call if there would be a guarantee that no requests are in flight. [Stefan] v1->v2: - fixed block/Makefile.objs [Ronnie] - do not always register a read handler [Ronnie] - add support for reading beyond EOF [Fam] - fixed struct and paramter naming [Fam] - fixed overlong lines and whitespace errors [Fam] - return return status from libnfs whereever possible [Fam] - added comment why we set allocated_file_size to -ENOTSUP after write [Fam] - avoid segfault when parsing filname [Fam] - remove unused close_bh from NFSClient [Fam] - avoid dividing and mutliplying total_size by BDRV_SECTOR_SIZE in nfs_file_create [Fam] MAINTAINERS |5 + block/Makefile.objs |1 + block/nfs.c | 414 +++ configure | 26 4 files changed, 446 insertions(+) create mode 100644 block/nfs.c diff --git a/MAINTAINERS b/MAINTAINERS index a5ab8f8..09996ab 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -935,6 +935,11 @@ M: Peter Lieven S: Supported F: block/iscsi.c +NFS +M: Peter Lieven +S: Maintained +F: block/nfs.c + SSH M: Richard W.M. Jones S: Supported diff --git a/block/Makefile.objs b/block/Makefile.objs index 4e8c91e..e254a21 100644 --- a/block/Makefile.objs +++ b/block/Makefile.objs @@ -12,6 +12,7 @@ block-obj-$(CONFIG_LINUX_AIO) += linux-aio.o ifeq ($(CONFIG_POSIX),y) block-obj-y += nbd.o nbd-client.o sheepdog.o block-obj-$(CONFIG_LIBISCSI) += iscsi.o +block-obj-$(CONFIG_LIBNFS) += nfs.o block-obj-$(CONFIG_CURL) += curl.o block-obj-$(CONFIG_RBD) += rbd.o block-obj-$(CONFIG_GLUSTERFS) += gluster.o diff --git a/block/nfs.c b/block/nfs.c new file mode 100644 index 000..78fd8a1 --- /dev/null +++ b/block/nfs.c @@ -0,0 +1,414 @@ +/* + * QEMU Block driver for native access to files on NFS shares + * + * Copyright (c) 2013 Peter Lieven + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "config-host.h" + +#include +#include "qemu-common.h" +#include "qemu/config-file.h" +#include "qemu/error-report.h" +#include "block/block_int.h" +#include "trace.h" +#include "qemu/iov.h" +#include "qemu/uri.h" +#include "sysemu/sysemu.h" + +#include +#include +
