Recently, openEuler open-sourced a powerful tool called StratoVirt. StratoVirt is an enterprise-class virtualization platform for cloud data centers in the computing industry. It implements a single architecture that supports virtual machine, container, and Serverless scenarios in a unified manner. StratoVirt's key competitive advantages are its light weight, low noise, software-hardware collaboration, and Rust language-level security.
Why the name StratoVirt?
Strato refers to the stratosphere in the Earth's atmosphere and stands for a thin protective layer that keeps the openEuler platform running smoothly. The name carries the project's vision for the future: lightweight, flexible, safe, and complete protection capabilities. It also represents openEuler's confidence in promoting the prosperity of next-generation full-scenario virtualization technology and in building competitiveness in key virtualization technologies.
Why StratoVirt?
Speaking of virtualization, the openEuler platform already integrates the industry's mature QEMU-KVM solution, so why build a different solution in StratoVirt?
- Insight 1: QEMU evolution history
When it comes to virtualization, we have to mention QEMU. QEMU-KVM is the cornerstone and mainline of the entire virtualization industry, but over the years it has accumulated a huge code base and a wide variety of historical devices. By our count, QEMU currently contains 1.57 million lines of code, and a significant portion of that code exists to support legacy features or devices that are heavily coupled and cannot easily be removed. Another insight concerns CVEs. We analyzed and counted QEMU's CVEs over the past ten years, and nearly half of them were caused by internal problems. Those of you who have worked in infrastructure will know the feeling: when a CVE lands, working overtime, staying up late, and pulling all-nighters is routine, and you may still take the blame after all that overtime. We are therefore actively looking for a way to redeem ourselves, and we expect the answer to be Rust.
- Insight 2: Evolution of resource isolation solutions
Another insight is how to isolate resources. As we all know, the resources of a single server are too large to be used as one unit and must be partitioned, or sold separately. Containers and virtual machines are the two powerful tools for partitioning resources, and on the management side we see K8s, OpenStack, libvirt, and so on. Containers are great, but they are not secure enough, so a new approach emerged: using virtual machines to build secure containers. That solved the security problem but created a new one: the virtual machine is too heavy. This is fine for long-running workloads but deadly for lightweight ones such as Serverless. Left or right? What is our solution? MicroVM. For lightweight scenarios, openEuler has explored open source solutions and tried to solve these problems. The first discovery was that Docker was too heavy, with an administrative overhead of close to 100MB per VM, hence iSula. We also found that QEMU was too heavy, hence StratoVirt.
What is the architecture of StratoVirt?
From the perspective of top-level architecture, StratoVirt's position in the software stack is similar to that of QEMU and Firecracker. Downward, it uses the KVM module for hardware acceleration, such as VT on x86 and Kunpeng-V on the Kunpeng platform. Upward, it connects to the container ecosystem through a container engine such as iSula or Docker, and to the virtual machine ecosystem through the virtual machine engine libvirt, so that it can ultimately support a variety of application scenarios across device, edge, and cloud. As for StratoVirt itself, compared with Rust-VMM, its biggest architectural features are componentization and flexible configuration. For example, StratoVirt introduces the concept of a device model, on top of which a variety of common components are implemented, such as CPU, flat memory, stacked memory, virtio devices, and PCI devices. For the lightweight scenario, we can choose the lightweight motherboard and add only the necessary components, such as CPU, flat memory, and virtio devices. For standardized scenarios, we can choose the standard motherboard and add components such as CPU, the stacked memory model, the PCI system, and virtio devices. In this way we can respond flexibly to the needs of various scenarios.
StratoVirt's future
StratoVirt's roadmap is to support both a lightweight virtual machine mode and a standard virtual machine mode through a single architecture:
- In lightweight virtual machine mode, the memory overhead of a single virtual machine is less than 4MB, the startup time is less than 50ms, and devices can be scaled with ms-level latency; this has been developed and was opened in the openEuler community in September 2020.
- In standard virtual machine mode, a complete machine model can be supported and a standard kernel image can be started, reaching QEMU-level capability while having great advantages in code size and security.
Welcome to join
StratoVirt is now open source in the openEuler community.
Project address: gitee.com/openeuler/s…
The openEuler community will present StratoVirt in a live stream on Bilibili (Station B) every Tuesday at 8 pm. Come and talk to StratoVirt contributors! Live room address: live.bilibili.com/22290444
- 2020.10.27 20:00 How to install and use StratoVirt
- StratoVirt CPU subsystem analysis
- StratoVirt memory subsystem analysis
- StratoVirt IO subsystem analysis
- StratoVirt technology planning and outlook