
Re: Publishing raw generic{,cloud} images without tar, and without compression, plus versionning of point releases



On 6/6/20 3:13 PM, Bastian Blank wrote:
> On Sat, Jun 06, 2020 at 11:16:42PM +1200, Andrew Ruthven wrote:
>> Those are examples, and it notes that the formats available are
>> configurable and none of them are specified as "must be available". The
>> CLI docs also have a similar note.
>> "Disk and container formats are configurable on a per-deployment
>> basis."
> 
> Both say "configurable", this makes the setting a policy decision.
> 
> What I seek is the documentation of the technical problems.  And, if
> Glance can't handle qcow2 with rbd, why such broken cases are not
> outright rejected, without the admin setting some magic options.

The backend here refers to the virtualization layer, *NOT* how Glance
stores images. Indeed, Glance can store any format. But for example, the
Qcow2 format isn't recommended at all if you use Ceph as a backend for
Nova's /var/lib/nova/instances (which a lot of people do).

Yes, you CAN use qcow2 with Ceph, but that's really not optimized, and
that's not what our users want to do.

>> Please don't make assumptions. How can you know that the system you're
>> dealing with can make conversions?
> 
> At least Cinder converts images all the time, and sometimes does not
> even know what it actually got, which leads to things like
> CVE-2015-1851.

Conversions are time consuming. Cloud users don't want to wait for them to
finish before using their instances.

>> How do you get that reading? When you read in context within the email
>> it reads as "we disable qcow2 because our backend only supports raw"
>> because that's what I said elsewhere in the email.
> 
> Because of the "we", which I read as the admins of the instance.  And
> "backend", which I don't talk to directly, but only to the Glance API.

Wrong reading. Backend refers to what's in use for the virtualization,
so sometimes the hypervisor, sometimes the block device backend (nova
file backend or Ceph).

> And the, at least to my searches, missing big and fat warning: don't do
> that, ever!
> 
> The only thing I can find comes from the Ceph documentation:
> | Important
> | Using QCOW2 for hosting a virtual machine disk is NOT recommended. If
> | you want to boot virtual machines in Ceph (ephemeral backend or boot
> | from volume), please use the raw image format within Glance.

If you've read this, then you got the point. I don't get why you're
continuing to reply then.

Cheers,

Thomas Goirand (zigo)
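
The quoted point about a service not knowing what image it actually got, as an added example that is not part of the original message and is not Glance or Cinder code: a check that classifies an image from its qcow2 header rather than from the declared disk format. The function names, the raw-only policy and the sample bytes are assumptions made for illustration.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
# Start of the qcow2 header, big-endian: magic, version,
# backing_file_offset (u64), backing_file_size (u32).
_HDR = struct.Struct(">4sIQI")


def inspect_image(head: bytes) -> dict:
    """Classify an image from its first bytes instead of trusting metadata."""
    if len(head) >= _HDR.size:
        magic, version, bf_off, bf_size = _HDR.unpack_from(head)
        if magic == QCOW2_MAGIC:
            # The name may lie beyond the bytes given; the flag still holds.
            raw_name = head[bf_off:bf_off + bf_size] if bf_off else b""
            return {"format": "qcow2", "version": version,
                    "has_backing_file": bf_off != 0,
                    "backing_file": raw_name.decode("utf-8", "replace")}
    # raw has no signature: anything unrecognised is only *assumed* raw.
    return {"format": "raw", "version": None,
            "has_backing_file": False, "backing_file": ""}


def rejection_reasons(declared: str, head: bytes, allowed=("raw",)) -> list:
    """Hypothetical upload policy for a raw-only (e.g. Ceph-backed) deployment."""
    info = inspect_image(head)
    reasons = []
    if declared not in allowed:
        reasons.append(f"disk_format {declared!r} is not enabled here")
    if info["format"] != declared:
        reasons.append(f"declared {declared!r} but content is {info['format']!r}")
    if info["has_backing_file"]:
        reasons.append(f"qcow2 references backing file {info['backing_file']!r}")
    return reasons


def make_qcow2_head(backing: bytes = b"") -> bytes:
    """Constructed sample: a header prefix only, not a bootable image."""
    off = 104 if backing else 0
    return _HDR.pack(QCOW2_MAGIC, 3, off, len(backing)).ljust(104, b"\0") + backing


if __name__ == "__main__":
    samples = [("raw", b"\0" * 512),
               ("raw", make_qcow2_head()),
               ("qcow2", make_qcow2_head(b"/constructed/base.img"))]
    for declared, head in samples:
        print(declared, "->", rejection_reasons(declared, head) or "accepted")
```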

