I’m running a test host with some Docker containers on it, like Apache or MySQL. Now I’d like to do some real virtualization using QEMU.
I like the Docker feature where you’re able to simply create an image and run it on different machines. This would be very useful when creating a QEMU image with LibVirt. Then I can write a server communicating with each LibVirt instance in the different Docker containers on different hosts.
Does anybody have experience with running QEMU in Docker? Is it a good idea regarding performance? As far as I know, Docker doesn’t affect the CPU and memory performance much.
I saw on Docker Hub that there are some containers available, but is it a good idea?
What’s your goal? What do you think you’ll gain by doing it in Docker?
This seems unusual to me, because usually you want to run things in Docker so that they’re isolated from the host, but anything you run inside QEMU is already even more isolated, and isolating the emulator itself doesn’t seem especially valuable. For things like networking you need to contend with both the things Docker does and the things QEMU needs to do (so if you were running an emulated TCP service, you’d both need to map it from the QEMU virtual host and also publish the port from Docker). As a general rule, fewer layers doing the same thing is probably better.
It’s pretty trivial to find a prebuilt qemu image, but note that this only includes the emulator itself and not the VM image you’d want to run on top of it. Docker would consider those “data”, and you’d distribute them separately and attach them to the container at docker run time. The tianon/qemu image looks roughly like what I’d expect. Note the --device /dev/kmem: the container has unrestricted access to all host memory, which in effect means it’s running as root on the host.
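Following up on the --device mapping mentioned in the reply above, here is an added example (not part of the thread and not taken from any image named in it) that audits `docker inspect` output for containers started with raw host memory devices or in privileged mode. The device watch list, container names and sample JSON are constructed for illustration.

```python
import json

# Device nodes exposing raw host memory or I/O ports. Assumed watch list for
# this example; /dev/kmem is the one named in the reply above.
RAW_MEMORY_DEVICES = {"/dev/mem", "/dev/kmem", "/dev/port"}


def audit_container(entry):
    """Return (severity, message) findings for one `docker inspect` entry."""
    host_cfg = entry.get("HostConfig") or {}
    findings = []
    if host_cfg.get("Privileged"):
        findings.append(("high", "privileged mode: all host devices are exposed"))
    # Devices is null in the JSON when no --device flag was given.
    for dev in host_cfg.get("Devices") or []:
        host_path = dev.get("PathOnHost", "")
        perms = dev.get("CgroupPermissions", "")
        if host_path in RAW_MEMORY_DEVICES:
            findings.append(
                ("high", f"{host_path} mapped ({perms}): raw host memory access"))
        else:
            findings.append(("review", f"{host_path} mapped ({perms})"))
    return findings


def audit(inspect_json):
    """Map container name -> findings for the JSON array `docker inspect` prints."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e)
            for e in json.loads(inspect_json)}


# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE = json.dumps([
    {"Name": "/qemu-vm", "HostConfig": {"Privileged": False, "Devices": [
        {"PathOnHost": "/dev/kmem", "PathInContainer": "/dev/kmem",
         "CgroupPermissions": "rwm"}]}},
    {"Name": "/apache", "HostConfig": {"Privileged": False, "Devices": None}},
    {"Name": "/builder", "HostConfig": {"Privileged": True, "Devices": []}},
])

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for severity, message in findings:
            print(f"{severity:6} {name}: {message}")
```

On a real host, the input would be the output of `docker inspect $(docker ps -q)` passed to `audit()`.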
The goal would be to have a docker image that holds the QEMU Emulator like the image you’ve listed, because it’s more transportable and can be easily updated.
But I also now think that it would be far better to run it directly on the host, because of the named arguments and especially because of the network requirements; for example, when you’re using SPICE there will be a lot of traffic to handle.