X-Git-Url: http://git.annexia.org/?p=libguestfs.git;a=blobdiff_plain;f=TODO;h=6c5d18329f074baa574eb6104337681b2bb2ebf1;hp=6579629f9bd9e05bcd6be0cf876d244d15927aff;hb=ced99cf69e55515a58b4651767bda4ab17c82776;hpb=87fb6d852db04d0d707e6587d4579d1cf2bd05ef diff --git a/TODO b/TODO index 6579629..6c5d183 100644 --- a/TODO +++ b/TODO @@ -441,23 +441,6 @@ More inspection features - last user who logged in - lastlog, last, who -Get the guest icon ------------------- - -- For Linux guests, use /etc/favicon.png if available, else get it in - a distro-specific manner. -- For Windows guests, parse it out of c:\windows\explorer.exe - -Integrate event log parsing more closely ----------------------------------------- - -https://rwmj.wordpress.com/2011/04/17/decoding-the-windows-event-log-using-guestfish/ - -We should at least make sure the tools are packaged up for Fedora. We -could document formally how to do event log parsing. Also the above -only works for Windows Vista and later (since the log format changed), -so we could extend this to work for earlier versions. - Integrate virt-inspector with CMDBs ----------------------------------- 
@@ -467,3 +450,153 @@ right range of data so that integration would be possible. The standards for CMDBs come from the DMTF, see eg: http://dmtf.org/news/pr/2009/7/dmtf-releases-cmdbf-standard-federating-configuration-management-data + +Efficient way to visit all files +-------------------------------- + +https://rwmj.wordpress.com/2010/12/15/tip-audit-virtual-machine-for-setuid-files/#content + +A naive method would look like: + + g#visit ~return_stats:true "/" ( + fun pathname stat -> + ... + ) + +However this has two disadvantages: + + - requires hand-written custom bindings in each language + - unclear about locking, thread-safety and re-entrancy of handle g + +A better way would be to have some sort of explicit "download all +filenames and stat structures", which could then be iterated over: + + let files = g#find_opts ~return_stats:true "/" in + List.iter ( + fun pathname stat -> + ... + ) + +The problem with this is that 'files' is going to be larger than a +protocol buffer. + +This leads to thinking about changes to the protocol / generator to +make this simpler. The proposal would be to add RBigStringList, +RBigStructList [or RBig (Ranytype ...)]. These would work like +FileOut, in that they would use file streaming to stream XDR +structures (probably written to a file on the library side). +Generated code would hide most of the implementation. + +We also need to think about security issues: is it possible for the +daemon to keep sending back data forever, and if so what happens on +the library side. + +[Users can now use virt-ls to solve some of these problems, but it is +not a general solution at the API level] + +Interactive disk creator +------------------------ + +An interactive disk creator program. 
+ +Attach method for disconnected operation +---------------------------------------- + +http://libguestfs.org/guestfs.3.html#guestfs_set_attach_method + +"Librarian" has an idea that he should be able to attach to a regular +appliance, but disconnect from it and reconnect to it later. This +would be some sort of modified attach method (see link above). + +The complexity here is that we would no longer have access to +stdin/stdout (or we'd have to direct that somewhere else). + +GObject Introspection +--------------------- + +We periodically get asked to implement gobject-introspection (it's a +GNOME thing): + +http://live.gnome.org/GObjectIntrospection + +This would require a separate Gtk C API since the main guestfs handle +would have to be encapsulated in a GObject. However the main +difficulty is that the annotations supported to define types are not +very rich. Notably missing are support for optional arguments +(defined but not implemented), support for structs (unless mapped to +other objects). + +Also note that the libguestfs API is not "object oriented". + +libosinfo mappings for virt-inspector +------------------------------------- + +Return libosinfo mappings from inspection API. + +virt-sysprep ideas +------------------ + + - touch /.unconfigured ? + - other Spacewalk / RHN IDs (?) + - Kerberos keys + - Puppet registration + - user accounts + - Windows sysprep + (see: https://github.com/clalancette/oz/blob/e74ce83283d468fd987583d6837b441608e5f8f0/oz/Windows.py ) + - blue skies: change the background image + - (librarian suggests ...) + . install a firstboot script virt-sysprep --script=/tmp/foo.sh + . run an external shell script + . run external guestfish script virt-sysprep --fish=/tmp/foo.fish + . 
rm /var/cache/apt/archives/* + - /var/run/* and pam_faillock's data files + - homedirs/.ssh directory, especially /root/.ssh (Steve Grubb) + - if drives are encrypted, then dm-crypt key should be changed + and drives all re-encrypted + - /etc/pki + (Steve says ...) + Rpm uses nss. Nss sets up its crypto database in + /etc/pki. Depending on how long the machine ran before cloning, you + may have picked up some certificates or things. This is an area + that you would want to look into. + - secure erase of inodes etc using scrub (Steve Grubb) + - other directories that could require cleaning include: + /var/cache/gdm/* + /var/lib/fprint/* + /var/run/* + /var/lib/AccountService/users/* + /var/lib/sss/db/* + /var/lib/samba/* + /var/lib/samba/*/* + (thanks Marko Myllynen, James Antill) + +Launch remote sessions over ssh +------------------------------- + +We had an idea you could add a launch method that uses ssh, ie. all +febootstrap and qemu commands happen the same as now, but prefixed by +ssh so it happens on a remote machine. + +Note that proper remote support and integration with libvirt is +different from this, and people are working on that. ssh would just +be "remote-lite". + +virt-make-fs and virt-win-reg need to not be in Perl +---------------------------------------------------- + +Probably they should be in C or OCaml. + +Integrate snap-type functionality in inspection tools +----------------------------------------------------- + +Mo Morsi's "snap" program lets you describe a guest as the list of +packages (eg. RPMs) installed + changes made to those RPMs + files +added. + +http://projects.morsi.org/wiki/Snap + +This results in a compact description of the guest. He even managed +to do a kind of migration of guests by simply recreating the guest +from the description on the target machine. + +It would be ideal to integrate this and/or use inspection to do this.
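Review bot: In the first hunk (@@ -441,23 +441,6 @@), the removed "Integrate event log parsing more closely" entry bundled three separate items: packaging the tools for Fedora, documenting event log parsing formally, and extending it to Windows versions before Vista. Nothing in the visible lines shows which of these were completed. If any of them is still open, keep a reduced entry instead of deleting the whole section. The same applies to the removed "Get the guest icon" entry, which listed separate Linux and Windows cases.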
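Review bot: In the second hunk (@@ -467,3 +450,153 @@), under "Efficient way to visit all files", the security paragraph asks whether the daemon can keep sending back data forever but records no requirement for the library side. The proposed RBigStringList / RBigStructList returns are described as streamed to a file on the library side, so an unbounded stream from the daemon could fill that file system. The entry should say that the library needs a limit on total bytes or entry count, after which it aborts the transfer and returns an error. Two smaller points in the same hunk: the second OCaml sketch binds `files` but the `List.iter` call never receives it, and in the virt-sysprep list `/var/run/*` appears twice, once next to pam_faillock's data files and again under "other directories that could require cleaning".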