Add QEMU and Libvirt version in the VMI status

[alicefr]

Is your feature request related to a problem? Please describe:
An easy way to check the QEMU and Libvirt version my VM is using

Describe the solution you'd like:
Today, it isn't very straightforward to retrieve the libvirt and QEMU versions. This information can be useful for bug report and we could add it into the VMI status.

Describe alternatives you've considered:
Exec in virt-launcher pod and execute virsh version

[vasiliy-ul]

I have several thoughts on that. That topic may need some additional discussions:

1. I am not sure if this info should be exposed in KubeVirt CR. Previously we had some attempts to enable other hypervisors to work with KubeVirt (namely CloudHypervisor) and e.g. QEMU version does not fit to that.
2. I would imagine that ideally KubeVirt should rely only on libvirt interfaces and thus the usage of QEMU should be hidden from end users.
3. In case we want this info to be embedded during build: the way how the package versions are exposed should also consider downstream builds from other vendors. Not everyone uses bazel and libvirt/qemu from centos. Native Go build should also be considered, IMHO.

[alicefr]

I have several thoughts on that. That topic may need some additional discussions:

1. I am not sure if this info should be exposed in KubeVirt CR. Previously we had some attempts to enable other hypervisors to work with KubeVirt (namely CloudHypervisor) and e.g. QEMU version does not fit to that.

Well, in this case, we should report the version of that hypervisor as well. Do we expect too many? The current opened design proposal for Cloud Hypervisor is planning to use libvirt. So, at least we should report the libvirt version

2. I would imagine that ideally KubeVirt should rely only on libvirt interfaces and thus the usage of QEMU should be hidden from end users.

My idea for this was for better reporting version for bugs. As you mention this information might be difficult to find for users. In the case of virtualization bugs then we also need this.

3. In case we want this info to be embedded during build: the way how the package versions are exposed should also consider downstream builds from other vendors. Not everyone uses bazel and libvirt/qemu from centos. Native Go build should also be considered, IMHO.

I'm not sure when it is the better time, but yes probably build time would be the right point.

[vasiliy-ul]

I also thought about kubevirt/community#259. With multi-hypervisor cluster, I am not sure if CR is the right place to expose such info. But yeah, depends on how far this proposal will go.

[alicefr]

I thought to KubeVirt CR because we already report there the sha of the images and the version of the server.

[fabiand]

Btw. In Kube, the Kubelet has an API / HTTP endpoint in order to report certain things.
Maybe this is something to add to the handler, and be queried via virtctl?

[vasiliy-ul]

Hm.. I see only operator version. No SHAs.

kubevirt/staging/src/kubevirt.io/api/core/v1/types.go

Lines 2001 to 2019 in ee87726

	// KubeVirtStatus represents information pertaining to a KubeVirt deployment.
	type KubeVirtStatus struct {
	Phase KubeVirtPhase `json:"phase,omitempty"`
	Conditions []KubeVirtCondition `json:"conditions,omitempty" optional:"true"`
	OperatorVersion string `json:"operatorVersion,omitempty" optional:"true"`
	TargetKubeVirtRegistry string `json:"targetKubeVirtRegistry,omitempty" optional:"true"`
	TargetKubeVirtVersion string `json:"targetKubeVirtVersion,omitempty" optional:"true"`
	TargetDeploymentConfig string `json:"targetDeploymentConfig,omitempty" optional:"true"`
	TargetDeploymentID string `json:"targetDeploymentID,omitempty" optional:"true"`
	ObservedKubeVirtRegistry string `json:"observedKubeVirtRegistry,omitempty" optional:"true"`
	ObservedKubeVirtVersion string `json:"observedKubeVirtVersion,omitempty" optional:"true"`
	ObservedDeploymentConfig string `json:"observedDeploymentConfig,omitempty" optional:"true"`
	ObservedDeploymentID string `json:"observedDeploymentID,omitempty" optional:"true"`
	OutdatedVirtualMachineInstanceWorkloads *int `json:"outdatedVirtualMachineInstanceWorkloads,omitempty" optional:"true"`
	ObservedGeneration *int64 `json:"observedGeneration,omitempty"`
	DefaultArchitecture string `json:"defaultArchitecture,omitempty"`
	// +listType=atomic
	Generations []GenerationStatus `json:"generations,omitempty" optional:"true"`
	}

[alicefr]

Hm.. I see only operator version. No SHAs.

kubevirt/staging/src/kubevirt.io/api/core/v1/types.go

Lines 2001 to 2019 in ee87726

	// KubeVirtStatus represents information pertaining to a KubeVirt deployment.
	type KubeVirtStatus struct {
	Phase KubeVirtPhase `json:"phase,omitempty"`
	Conditions []KubeVirtCondition `json:"conditions,omitempty" optional:"true"`
	OperatorVersion string `json:"operatorVersion,omitempty" optional:"true"`
	TargetKubeVirtRegistry string `json:"targetKubeVirtRegistry,omitempty" optional:"true"`
	TargetKubeVirtVersion string `json:"targetKubeVirtVersion,omitempty" optional:"true"`
	TargetDeploymentConfig string `json:"targetDeploymentConfig,omitempty" optional:"true"`
	TargetDeploymentID string `json:"targetDeploymentID,omitempty" optional:"true"`
	ObservedKubeVirtRegistry string `json:"observedKubeVirtRegistry,omitempty" optional:"true"`
	ObservedKubeVirtVersion string `json:"observedKubeVirtVersion,omitempty" optional:"true"`
	ObservedDeploymentConfig string `json:"observedDeploymentConfig,omitempty" optional:"true"`
	ObservedDeploymentID string `json:"observedDeploymentID,omitempty" optional:"true"`
	OutdatedVirtualMachineInstanceWorkloads *int `json:"outdatedVirtualMachineInstanceWorkloads,omitempty" optional:"true"`
	ObservedGeneration *int64 `json:"observedGeneration,omitempty"`
	DefaultArchitecture string `json:"defaultArchitecture,omitempty"`
	// +listType=atomic
	Generations []GenerationStatus `json:"generations,omitempty" optional:"true"`
	}

They are reported in the Observed(/Target)DeploymentConfig. Example:

$ kubectl get kubevirt kubevirt -n kubevirt -oyaml
apiVersion: kubevirt.io/v1
kind: KubeVirt
metadata:
[..]
status:
[...]
  observedDeploymentConfig: '{"id":"4f0465991d97afa4a098cd26d953f612b272f778","namespace":"kubevirt","registry":"registry:5000/kubevirt","kubeVirtVersion":"devel","virtOperatorSha":"sha256:e714136a25105f59c35ff74fa47e1cb7ac189850a1028c748ea6e74949497c72","virtApiSha":"sha256:9469d1f9c9a8c48a7052a5505a2d07db9ec8645e3593d7917cfcb63abc246f9c","virtControllerSha":"sha256:fb0d94369d1ba77f61019539216b1d143d8793449d57bd0fc818d48203c09ab2","virtHandlerSha":"sha256:dcbd17b3262663f194b2b9101e172391fe2446b94a33889cbcb84b0b2cf0ae13","virtLauncherSha":"sha256:2ad220b3c600d8e743c6de8000a333853693df722e244cb02d001bb98d947392","virtExportProxySha":"sha256:303e9f150de54528f0cc135900e3223b1149c40a3b23130497b88e97ca47288d","virtExportServerSha":"sha256:705a278c9ba4f7094c62ac4ec7aa2bdfed483dff9d9e480f53ba2fc6c17185cb","gsSha":"sha256:67bc73b9fe4470f5c7f354615137e229c76a6b0956f7f31da0556388fba8e5d5","prHelperSha":"sha256:e62afd95663d61c118b69826943c1a4da406bbb9c2159c3006d4187757998f2d","additionalProperties":{"CertificateRotationStrategy":"\u003cv1.KubeVirtCertificateRotateStrategy
    Value\u003e","Configuration":"\u003cv1.KubeVirtConfiguration Value\u003e","CustomizeComponents":"\u003cv1.CustomizeComponents
    Value\u003e","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"null","Infra":"\u003c*v1.ComponentConfig
    Value\u003e","MonitorAccount":"","MonitorNamespace":"","ProductComponent":"","ProductName":"","ProductVersion":"","ServiceMonitorNamespace":"","UninstallStrategy":"","WorkloadUpdateStrategy":"\u003cv1.KubeVirtWorkloadUpdateStrategy
    Value\u003e","Workloads":"\u003c*v1.ComponentConfig Value\u003e"}}'
  observedDeploymentID: 4f0465991d97afa4a098cd26d953f612b272f778
  observedGeneration: 2
  observedKubeVirtRegistry: registry:5000/kubevirt
  observedKubeVirtVersion: devel
  operatorVersion: v1.2.0-rc.0.310+652f3fcf5840c9-dirty
  outdatedVirtualMachineInstanceWorkloads: 0
  phase: Deployed
  targetDeploymentConfig: '{"id":"4f0465991d97afa4a098cd26d953f612b272f778","namespace":"kubevirt","registry":"registry:5000/kubevirt","kubeVirtVersion":"devel","virtOperatorSha":"sha256:e714136a25105f59c35ff74fa47e1cb7ac189850a1028c748ea6e74949497c72","virtApiSha":"sha256:9469d1f9c9a8c48a7052a5505a2d07db9ec8645e3593d7917cfcb63abc246f9c","virtControllerSha":"sha256:fb0d94369d1ba77f61019539216b1d143d8793449d57bd0fc818d48203c09ab2","virtHandlerSha":"sha256:dcbd17b3262663f194b2b9101e172391fe2446b94a33889cbcb84b0b2cf0ae13","virtLauncherSha":"sha256:2ad220b3c600d8e743c6de8000a333853693df722e244cb02d001bb98d947392","virtExportProxySha":"sha256:303e9f150de54528f0cc135900e3223b1149c40a3b23130497b88e97ca47288d","virtExportServerSha":"sha256:705a278c9ba4f7094c62ac4ec7aa2bdfed483dff9d9e480f53ba2fc6c17185cb","gsSha":"sha256:67bc73b9fe4470f5c7f354615137e229c76a6b0956f7f31da0556388fba8e5d5","prHelperSha":"sha256:e62afd95663d61c118b69826943c1a4da406bbb9c2159c3006d4187757998f2d","additionalProperties":{"CertificateRotationStrategy":"\u003cv1.KubeVirtCertificateRotateStrategy
    Value\u003e","Configuration":"\u003cv1.KubeVirtConfiguration Value\u003e","CustomizeComponents":"\u003cv1.CustomizeComponents
    Value\u003e","ImagePullPolicy":"IfNotPresent","ImagePullSecrets":"null","Infra":"\u003c*v1.ComponentConfig
    Value\u003e","MonitorAccount":"","MonitorNamespace":"","ProductComponent":"","ProductName":"","ProductVersion":"","ServiceMonitorNamespace":"","UninstallStrategy":"","WorkloadUpdateStrategy":"\u003cv1.KubeVirtWorkloadUpdateStrategy
[..]

[vasiliy-ul]

This reports SHA only as part of the field's value, and this value is not defined in the API (since its type is just a generic string). There is no explicit API field with launcher's SHA

I would say that libvirt/qemu version info more belongs to the status of the VMI.

[alicefr]

This reports SHA only as part of the field's value, and this value is not defined in the API (since its type is just a generic string). There is no explicit API field with launcher's SHA

I would say that libvirt/qemu version info more belongs to the status of the VMI.

Mh, yes it makes sense, it would also solves the hypervisor point you raised previously. If we support multiple hypervisor, this could be reported there as well
I'll update the title and description. Thanks!

[EdDev]

Are there examples from a well known project that exposes such details through formal API?

For debugging, you can use the log.
If the system or user does not need to act on this information for its operation, I would avoid adding it to the API of any CRD.

[EdDev]

/sig api

[alicefr]

it is true, we can get the information from the log

[lyarwood]

Is the assumption that a trusted VM owner could just exec into the virt-launcher pod and get these versions anyway?

This isn't something you'd want untrusted users to have knowledge about tbh as they could easily detect when/if the environment become vulnerable to a CVE etc.

[kubevirt-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[kubevirt-bot]

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

/lifecycle rotten

[kubevirt-bot]

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

/close

[kubevirt-bot]

@kubevirt-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.