On Tue, Feb 21, 2017 at 22:47:38 +0100, Jiri Denemark wrote: > On Fri, Feb 17, 2017 at 14:39:30 -0500, John Ferlan wrote: > > https://bugzilla.redhat.com/show_bug.cgi?id=1300769 > > > > Modify the Begin phase to add the checks to determine whether a migration > > wishes to use TLS and whether it's configured including adding the secret > > into the priv->migSecinfo for the source domain. > > > > Modify the Perform phase in qemuMigrationRun in order to generate the > > TLS objects to be used for the migration and set the migration channel > > parameters 'tls-creds' and possibly 'tls-hostname' in order to enable TLS. > > > > Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx> > > --- > > src/qemu/qemu_migration.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++ > > 1 file changed, 55 insertions(+) ... > You store the migrateTLS info in the status XML on the destination host > where libvirtd restart almost always kills the QEMU process. But you > didn't bother storing the flag on the source where the QEMU process > almost always remains running when libvirtd is restarted. > > The freshly started libvirtd calls qemuProcessRecoverMigration* to > finish or cancel the ongoing migration and both functions (or functions > which are called from them) need to properly cleanup the TLS objects. Actually I think we don't need to store migrateTLS in the status XML at all since we can just unconditionally delete the objects when a restarted libvirtd founds a domain with running migration. Jirka -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
