Re: [RFC PATCH 06/18] qemu-storage-daemon: Add --nbd-server option

[Eric Blake]

On 11/7/19 9:27 AM, Kevin Wolf wrote:
> Am 07.11.2019 um 14:45 hat Eric Blake geschrieben:
> > On 11/7/19 2:33 AM, Kevin Wolf wrote:
> > > As a replacement nbd-server-add, I envisioned adding something like a
> > > block-export-add, which would work the way that --export already does.
> > > It would also come with query-block-exports and block-export-del, and it
> > > wouldn't contain only NBD devices, but also vhost-user, FUSE, etc.
> > > exports.
> > >
> > > Now I'm wondering if the same would make sense for nbd-server-start.
> > > Maybe an API change would even allow us to start multiple NBD servers
> > > (e.g. listening on different IP addresses or using different tls-creds).
> >
> > We want that (the ability to run multiple parallel NBD servers) anyway, to
> > allow parallel incremental backups from different points in time to
> > different clients.
>
> Can't you already have multiple exports on a single NBD server for
> multiple clients today? Or do you need a different server configuration
> for each client?

With our current code base, you can only run a single NBD server, with 
multiple exports, but the TLS creds are shared among all exports.  It is 
indeed technically possible to tweak things where the single server 
changes _which_ exports are exposed based on _which_ creds were used by 
the client (but only when TLS is used, and note that qemu-nbd currently 
refuses to mix TLS and Unix sockets, although I need to post a v2 of a 
patch I proposed a while back to improve that).  But it is easier still 
to run two separate servers on different ports with two different creds, 
and where there is no magic on which exports to show merely based on 
which creds were presented (and this includes a plaintext connection 
over Unix).  Either way, it requires code changes, and most likely for 5.0.

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org