On Wed, 1 Aug 2012, Jesper Dahl Nyerup wrote:> Hi,
>
> I need to deploy a bunch of VMs, that need data from NFS shares residing
> on a network I don''t trust my VMs to connect to directly.
>
> What would it take for me to mount the shares on the hosts, and export
> them to my VMs using v9fs, for instance?
There is a chance that v9fs is going to work, but it is a completely
untested configuration. You need to use upstream QEMU, configure it with
the right options to enable v9fs. Once you have done that, you probably
also need to pass a particular command line option to QEMU in order to
enable v9fs, but unfortunately xl doesn''t know about it.
However you can add any command line parameters you like to QEMU, adding
a "device_model_args" config parameter to your VM.
> In practice, only one of my VMs will access a portion of the NFS at a
> time, and the host won''t touch it at all, so I''m pretty
confident that
> the VMs'' VFS caching and locking won''t be an issue.
>
> I understand that KVM can do v9fs exports using virtio and qemu[1], and
> I was wondering if this was possible with Xen as well, as Xen also makes
> use of qemu. Allegedly using virtio devices should theoretically be
> possible for HVM guests, but I''m not sure if this has been
implemented
> in Xen''s qemu.
>
> I don''t have a preference for v9fs at all, so any hints or
insights to
> similar solutions will be greatly appreciated.
Wouldn''t it be easier to create a special vlan that lets your VM
connect
just to that NFS share rather than the entire secure network?