[OpenAFS-devel] [Patch] Support OpenVZ virtualization scheme for openafs-1.4.8 kernel module

Night Nord NightNord@gmail.com
Wed, 25 Feb 2009 02:12:39 +0300


OpenVZ (www.openvz.org) is a virtualization solution - it looks like a very
advanced chroot jail - where multiple virtual servers (CT - containers) share
the same kernels, but all operations are executed in different namespaces. This
includes the net namespace. Such a scheme allows very cheap and secure
virtualization, but requires special support from any kernel subsystem/module.
This patch allows the openafs-1.4.8 AFS client (libafs kernel module) to be
used in such an environment. The patch does not actually virtualize the module,
but allows it to be built correctly and allows one to `mount --bind` /afs from
the 'real system' (Hardware Node - HN - in OpenVZ terminology) into containers
(which are like chroots, but much more complex).

Details:

1) Build-system:
        Check in acinclude.m4 and src/cf/linux-test.m4 for an enabled OpenVZ
        containers scheme (HAVE_OPENVZ).

2) src/afs/LINUX/osi_groups.c:
        Use find_task_by_pid_all(1) to get the HN's 'init', not the one from
        the container.

3) src/afs/afs_osi.c:
        Use for_each_process_all to support storing authentication tokens for
        all processes, not only the HN's. (Necessary to build)

4) src/afs/rx_knet.c, src/afs/rx_lwp.c, src/afs/rx_pthread.c:
        Make it bindable into containers - the idea is simple: sending requests
        and receiving them must be done from the HN's namespace - where actually
        all other work is simple, otherwise you will see files from the
        container, but any operation will time out. So we must just switch into
        the HN's (aka VE0 - virtual environment) namespace before sending, and
        then switch back before any return.