Hi,

Is it possible, using libvirt, to trigger some command on host, from the guest?

Both machines run Linux, both are trusted.
But anyway, I don't mean guest executing whichever command it wants, but only predefined one.

Is it possible to do with, for example, QEMU Guest Agent?
I really would like all the configuration to sit within libvirt (e.g. in xml file or something like that).

What I plan to do, is to mount guest directory in the host using sshfs.
That would also require the possibility to run host's command when the machine is accidentally or forcibly shut down (to umount).

Alternatively, if you know better way to achieve that, I would like to hear it.
Still, I would like to know how to execute command on host from guest.
There are some more use cases for me.

Thanks in advance!

--
Best regards,
Andrzej Telszewski

Were it proven possible today, it would be more difficult tomorrow. This is exactly the kind of thing developers and admins strive to PREVENT. Such a feature would subvert the security advantage in running processes or servers in virtual containers in the first place. All control must come from the host to the container, NEVER the other way.

That said, there may be other ways to accomplish your real purpose. Providing a "share" space on another container that can be mounted both from the host AND from any other containers would allow for storage communication between an arbitrary number of nodes. Would something like that have value in your case?

Hi,

I don't know if I was explicit enough.
I didn't mean for container to send whichever commands it wants and the host executing it.
I was thinking more about something like events.
Guest sends some event and the host can act accordingly upon it.

I don't see it as security problem.
You could achieve the same (or more dangerous) behavior using SSH or serial port / unix socket.

What is more, the container is private and trusted.

What I would like to achieve, is to mount guest's rootfs in the host.
Guest is running under libvirt/QEMU, under regular user (session mode).

Thanks.

--
Best regards,
Andrzej Telszewski

Why not use SSH?

Hi,

Because it requires setup outside of libvirt.
Also, I would like to be signaled when VM exits unintentionally.

--
Best regards,
Andrzej Telszewski

You can use virsh to check if guest is running.
virt-top is also useful for monitoring guest processes

Hi,

I'm more curious if there already is solution implementing my requirements.
I could boil something myself, but that wasn't my intent.
It is not critical, if it was, I would do something that you suggested.

--
Best regards,
Andrzej Telszewski

No, there is no solution, and if anything, it's usually the host monitoring the guest via an agent, and acting upon received data, not the other way around.

What exactly do you want to do?

Hi,

If I only knew ;-)

My initial need was to mount guest's rootfs onto the host.
I can live without that, it would sometimes make things easier to setup, but not by a huge amount.

Another use case could be guest signalling host about finished task.
E.g. if VM is used for building packages, it could signal when it's done.

The aim is to receive signal, instead of polling the guest.

I know most of this could be done by other means, I was just wondering if it could be done within libvirt itself.

--
Best regards,
Andrzej Telszewski

With any Full virtualization it is easy to mount the guest from the host. What you ask is that the GUEST trigger the host to mount the guest, and that is not something that you could normally trigger from the guest. In fact, the separation pretty much precludes such activity, for the reasons I gave earlier.

Have you considered bypassing libvert and full virtualization entirely and using kernel based virtual? Using LXC or OpernVZ the root of the guest is either ALWAYS available from the host, or available whenever the guest is mounted or running. This makes triggering a mount totally unnecessary.

Hi,

I won't agree.
The communication between host and guest is happening all the time in many different parts of the system.
They all have to be thoughtfully designed.

And as I mentioned before, I'm not asking for the host directly executing whatever commands the guest sends.
What I'm thinking of is defining some sort of signal/event. Then host could execute e.g. script, or simply ignore the event request.

Nope, LXC is on my wish list ;-)
I don't know if it's possible with technologies you mentioned, but what I really like about libvirt/QEMU is that I can run them under regular user account.
No root account involved.

--
Best regards,
Andrzej Telszewski

The common practice is to use the virtio-serial (or regular serial port) in the guest, as a file on the host, if the guest wants to send a message to the host, it will send t to it's serial port, and the host needs to monitor the file for changes and act upon them. this is the mechanism most guest agents use to communicate with the host. It is safe, since the host initiates the virtual port polling and will only execute commands received from it if it is programmed to specifically.

Anything else will have to either go through a shared storage volume or over a network. You can, btw, use an isolated IP network that exists only between the host and a guest.

Hi,

That's exactly what I was thinking of.
I just hoped that maybe libvirt already had an internal implementation.

virtio-vsock would also be a good candidate.
But I think it is just showing up as of this writing.

--
Best regards,
Andrzej Telszewski

if you want a ready implementation, you can take a look at ovirt-guest-agent's source code

Hi,

What I meant was that I was hoping that libvirt had it, meaning I don't have to do it on my own.

--
Best regards,
Andrzej Telszewski