nbdkit is our toolkit for creating Network Block Device (NBD) servers from “unusual” data sources. nbdkit was already configurable by writing simple plugins in several programming languages. Last week Eric Blake and I added a nice new feature: You can now modify existing plugins by placing “filters” in front of them.
A plugin might do something simple like serve a local file from disk or complicated like bridging to VMware servers. A filter can modify this by:
(You can also layer filters to arbitrary depth)
nbdkit 1.1.27 has three simple filters, and 1.1.28 will include two more, and you can write your own although (unlike plugins) filters do not yet have a stable ABI and we haven’t decided if we will offer a stable ABI in future.
Eric Blake has been doing some great stuff for nbdkit, the flexible plugin-based NBD server.
- Full parallel request handling.
You’ve always been able to tell nbdkit that your plugin can handle multiple requests in parallel from a single client, but until now that didn’t actually do anything (only parallel requests from multiple clients worked).
- An NBD forwarding plugin, so if you have another NBD server which doesn’t support a feature like encryption or new-style protocol, then you can front that server with nbdkit which does.
As well as that he’s fixed lots of small bugs with NBD compliance so hopefully we’re now much closer to the protocol spec (we always check that we interoperate with qemu’s nbd client, but it’s nice to know that we’re also complying with the spec). He also fixed a potential DoS where nbdkit would try to handle very large writes which would delay a thread in the server indefinitely.
Also this week, I wrote an nbdkit plugin for handling the weird Xen XVA file format. The whole thread is worth reading because 3 people came up with 3 unique solutions to this problem.
nbdkit is a liberally licensed NBD server with a stable plugin API for serving disks from unconventional sources.
Finally I got around to adding TLS (encryption and authentication) support. The support is complete and appears to interoperate with QEMU. It also supports a certificate authority, client certificate verification, certificate revocation, server verification (by the client), and configurable algorithms.
Actually using TLS with NBD is no easy matter. It takes a few pages of instructions just to explain how to set up the public-key infrastructure. On the client (QEMU) side, the command line parameter for connecting to a TLS-enabled NBD server is lengthy.
Then there’s the question of how you ensure TLS is being used. In nbdkit as in other NBD servers you can either turn on TLS in which case it’s used when the client requests it, or you can require TLS. In the latter case nbdkit will reject non-TLS connections (thus ensuring TLS is really being used), but most clients won’t be able to connect to such a server.
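An added example, not code from nbdkit or from the original post: a probe that tells which of the three TLS settings described above a server is actually running, using only the cleartext part of the NBD fixed-newstyle handshake. The function names are hypothetical, the constants come from the NBD protocol specification, and it assumes a server with one server-wide TLS policy.

```python
import socket, struct

REPLY_MAGIC = 0x3E889045565A9            # option reply magic
FIXED_NEWSTYLE = 1                       # handshake flag, bit 0
OPT_LIST, OPT_STARTTLS = 3, 5            # NBD_OPT_LIST, NBD_OPT_STARTTLS
REP_ACK = 1                              # NBD_REP_ACK
ERR_TLS_REQD = (1 << 31) | 5             # NBD_REP_ERR_TLS_REQD

def recv_exact(sock, n):
    """Read exactly n bytes or fail; recv() may return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during handshake")
        buf += chunk
    return buf

def option(sock, opt):
    """Send a zero-length option, return the final reply type (ACK or error)."""
    sock.sendall(b"IHAVEOPT" + struct.pack(">II", opt, 0))
    while True:
        magic, ropt, rtype, rlen = struct.unpack(">QIII", recv_exact(sock, 20))
        if magic != REPLY_MAGIC or ropt != opt:
            raise ValueError("malformed option reply")
        recv_exact(sock, rlen)           # skip payload such as export names
        if rtype == REP_ACK or rtype & (1 << 31):
            return rtype                 # error replies have bit 31 set

def classify_tls_policy(sock):
    """Return 'require', 'on' or 'off' from the cleartext handshake alone."""
    hdr = recv_exact(sock, 18)           # NBDMAGIC, IHAVEOPT, 16-bit flags
    flags = struct.unpack(">H", hdr[16:])[0]
    if hdr[:16] != b"NBDMAGICIHAVEOPT" or not flags & FIXED_NEWSTYLE:
        raise ValueError("not a fixed-newstyle NBD server")
    sock.sendall(struct.pack(">I", FIXED_NEWSTYLE))   # client flags
    # A server that requires TLS refuses every cleartext option except STARTTLS.
    if option(sock, OPT_LIST) == ERR_TLS_REQD:
        return "require"
    # An ACK here means TLS is on offer; the probe then hangs up instead of
    # starting the TLS handshake the server now expects.
    return "on" if option(sock, OPT_STARTTLS) == REP_ACK else "off"
```

Against a real server, pass a socket from socket.create_connection((host, 10809)); any result other than 'require' means a client can still negotiate an unencrypted session.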
As usual, where SSH got it right, SSL/TLS/HTTPS got it all horribly wrong.
NBD is a protocol for accessing Block Devices (actual hard disks, and things that look like hard disks). nbdkit is a toolkit for creating NBD servers.
You can now write nbdkit plugins in Ruby.
(So in all that makes: C/C++, Perl, Python, OCaml or Ruby as your choices for nbdkit plugins)
You can now write OCaml plugins for nbdkit – the liberally licensed NBD server. You will, however, need OCaml ≥ 4.02.2+rc1 because of this fix.
qemu-img convert input output
does not work if the output is a pipe.
It’d sure be nice if it did though! For one thing, we could use this in virt-v2v to stream images into OpenStack Glance (instead of having to spool them into a temporary file).
I mentioned this to Paolo Bonzini yesterday and he suggested a simple workaround. Just replace the output with:
qemu-img convert -n input nbd:...
and write an NBD server that turns the sequence of writes from qemu-img into a stream that gets written to a pipe. Assuming the output is raw, then qemu-img convert will write, starting at disk offset 0, linearly through to the end of the disk image.
How to write such an NBD server easily? nbdkit is a project I started to make it easy to write NBD servers.
So I wrote a streaming plugin which does exactly that, in 243 lines of code.
Using a feature called captive nbdkit, you can rewrite the above command as:
nbdkit -U - streaming pipe=/tmp/output --run '
qemu-img convert -n input -O raw $nbd
'
(This command will “hang” when you run it — you have to attach some process to read from the pipe, eg:
md5sum < /tmp/output)
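The write handling such a server needs, as an added sketch that is not the streaming plugin's code: writes at or beyond the current position become a linear stream, and a write behind it is refused because a pipe cannot seek back. StreamSink, replay and the zero-filling of skipped ranges are assumptions made for this example.

```python
import errno, io

class StreamSink:
    """Accepts NBD-style (data, offset) writes and emits a linear byte stream."""

    def __init__(self, out, zero_chunk=65536):
        self.out = out                    # any writable binary file, e.g. a pipe
        self.pos = 0                      # next disk offset the stream expects
        self.zero_chunk = zero_chunk      # cap on the size of each zero block

    def pwrite(self, data, offset):
        if offset < self.pos:
            # Bytes already sent down the pipe are final, so fail the request.
            raise OSError(errno.EIO, "non-sequential write at offset %d" % offset)
        gap = offset - self.pos
        while gap > 0:                    # writer skipped ahead: emit zeros
            n = min(gap, self.zero_chunk)
            self.out.write(bytes(n))
            gap -= n
        self.out.write(data)
        self.pos = offset + len(data)

def replay(writes):
    """Feed constructed (offset, data) writes through a sink; return the stream."""
    buf = io.BytesIO()
    sink = StreamSink(buf)
    for offset, data in writes:
        sink.pwrite(data, offset)
    return buf.getvalue()
```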
The streaming plugin would be a lot more generally useful if it supported a sliding window, allowing limited reverse seeking and reading. So there’s a nice little project for a motivated person. See here
nbdkit is a liberally licensed NBD (Network Block Device) server designed to let you connect all sorts of crazy disk image sources (like Amazon, Glance, VMware VDDK) to the universal network protocol for sharing disk images: NBD.
New in nbdkit 1.1.8: cURL support. This lets you turn any HTTP, FTP, TFTP or SSH server that hosts a disk image into an NBD server.
$ nbdkit -r curl url=http://onuma/scratch/boot.iso
and then you can read the disk image using guestfish, qemu or any other nbd client:
$ guestfish --ro -a nbd://localhost -i
Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems and disk images.
Type: 'help' for help on commands
'man' to read the manual
'quit' to quit the shell
/dev/sda mounted on /
If you are using a normal SSH server like OpenSSH which supports the SSH File Transfer Protocol (aka SFTP), then you can use SFTP to access images:
$ nbdkit -r curl url=sftp://rjones@localhost/~/fedora-20.img
I’m hoping to enable write support in a future version.
It doesn’t work at the moment because I haven’t worked out how to switch between read (GET) and write (POST) requests in a single cURL handle. Perhaps I need to use two handles? The documentation is confusing.