On Thu, Mar 17, 2016 at 17:58:46 +0300, Nikolay Shirokovskiy wrote: > Current libvirt + qemu pair lacks secure migrations in case of > VMs with non-shared disks. The only option to migrate securely > natively is to use tunneled mode and some kind of secure > destination URI. But tunelled mode does not support non-shared > disks. > > The other way to make migration secure is to organize a tunnel > by external means. This is possible in case of shared disks > migration thru use of proper combination of destination URI, > migration URI and VIR_MIGRATE_PARAM_LISTEN_ADDRESS migration > param. But again this is not possible in case of non shared disks > migration as we have no option to control target nbd server port. > But fixing this much more simplier that supporting non-shared > disks in tunneled mode. > > So this patch series adds option to set target ndb port. > > Finally all qemu migration connections will be secured AFAIK but > even in this case this patch could be convinient if one wants > all migration traffic be put in a single connection. > > difference from v3: > =================== > > Revert code of starting nbd server back to v2. > > Nikolay Shirokovskiy (2): > migration: add target peer disks port > qemu: implement setting target disks migration port > > include/libvirt/libvirt-domain.h | 10 +++++ > src/qemu/qemu_driver.c | 25 +++++++---- > src/qemu/qemu_migration.c | 92 +++++++++++++++++++++++++++++----------- > src/qemu/qemu_migration.h | 3 ++ > tools/virsh-domain.c | 12 ++++++ > tools/virsh.pod | 5 ++- > 6 files changed, 113 insertions(+), 34 deletions(-) ACK series I fixed the nits in 2/2 and pushed this series. Thanks and sorry for the long time it took to review this. Jirka -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list