Re: [libvirt PATCH 8/9] qemu: Allow migration over UNIX socket

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Aug 25, 2020 at 17:12:59 +0100, Daniel P. Berrangé wrote:
> On Tue, Aug 25, 2020 at 05:53:32PM +0200, Jiri Denemark wrote:
> > On Tue, Aug 25, 2020 at 07:47:14 +0200, Martin Kletzander wrote:
> > > -    /* RDMA and multi-fd migration requires QEMU to connect to the destination
> > > -     * itself.
> > > -     */
> > > -    if (STREQ(uribits->scheme, "rdma") || (flags & VIR_MIGRATE_PARALLEL))
> > > -        spec.destType = MIGRATION_DEST_HOST;
> > > -    else
> > > -        spec.destType = MIGRATION_DEST_CONNECT_HOST;
> > > -    spec.dest.host.protocol = uribits->scheme;
> > > -    spec.dest.host.name = uribits->server;
> > > -    spec.dest.host.port = uribits->port;
> > > +    if (STREQ(uribits->scheme, "unix")) {
> > > +        if (flags & VIR_MIGRATE_TLS) {
> > > +            virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
> > > +                           _("Migration over UNIX socket with TLS is not supported"));
> > > +            return -1;
> > > +        }
> > > +        if (flags & VIR_MIGRATE_PARALLEL) {
> > > +            virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
> > > +                           _("Parallel migration over UNIX socket is not supported"));
> > > +            return -1;
> > > +        }
> > 
> > Is there a reason for not supporting TLS and multi-fd with unix sockets?
> > >From libvirt's POV this should be fairly trivial (can be a follow-up
> > patch, though): introduce MIGRATION_DEST_SOCKET in addition to
> > MIGRATION_DEST_CONNECT_SOCKET and use it to instruct QEMU to connect
> > using unix: URI (unless this support was removed from QEMU).
> 
> multi-fd is certainly desirable to support and I don't see any reason
> to block that.
> 
> TLS is more problematic, at least if you are using x509 credentials then
> you need to tell QEMU what hostname to use for validation. This would
> require us to accept a hostname parameter in the URI giving the UNIX
> socket.

We already support this generally regardless on the transport via
VIR_MIGRATE_PARAM_TLS_DESTINATION parameter.

Jirka




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux