
openstack team mailing list archive

where nova-compute runs: KVM vs Xen

 

Right now, if you use KVM via libvirt (the default case), on the
compute node, nova-compute runs on the host. If you use Xen via
xenapi, nova-compute runs on Dom-U. (I'll ignore Xen via libvirt since
no one really uses it.)

What's the fundamental design decision to make the distinction?
Presumably, it is not *that* hard to run nova-compute in a KVM VM,
since the libvirt control socket works on tcp. I can see updating
iptables rules would be painful but shouldn't we have the same problem
with Xen? Conversely, it's also not impossible to run nova-compute in
Dom-0. I understand running something in a VM is more secure in some
sense than running in Dom0. But shouldn't the same argument apply to
KVM's case as well?

Your input is appreciated. Thanks,

Yun

