Re: [PATCH 0/7] qemu: tpm: Add support for migration across shared storage

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Aug 22, 2022 at 08:05:47AM -0400, Stefan Berger wrote:
> This series of patches adds support for migrating vTPMs across hosts whose
> storage has been set up to share the directory structure holding the state
> of the TPM (swtpm). The domain XML is extended with a shared_storage
> attribute that must be set to 'yes' when shared storage is used. It

We don't require any 'shared_storage' attribute for disk images - we just
aim to "do the right thing" automatically. If we want to support shared
storage for TPM, then IMHO it should likewise be made transparent.

What's the thinking behind putting the TPM on shared storage though ?
The state is tiny so you're not going to notice it being transferred
in the regular migration stream, so there's no performance benefit
here.  Meanwhile it hurts security because we can't do SELinux isolation
on many NFS install, and the complexity of the dance around locking makes
the migration process more fragile. The pain we've had dealing with NFS
makes it really unappealing

> influences the management of the directory structure holding the TPM state,
> which for example is only to be removed when a domain is undefined (virsh
> undefine) and not when a VM is removed on the migration source host.
> Further, when shared storage is used security labeling on the destination
> side is skipped assuming that the labeling was already done on the source
> side.
> 
> I have tested this with an NFS setup where I had to turn SELinux off on
> the hosts since the SELinux MLS range labeling is not supported.

Have you tested in systems where 'root_squash' is enabled on the NFS
server, such that libvirt can't create the files as 'root' and then
chown them to 'qemu' later ? That's been a major source of pain related
to NFS for disks and snapshots historically.

> 
> Share storage migration requires the upcoming swtpm v0.8 with the PR
> for shared storage merged: https://github.com/stefanberger/swtpm/pull/732
> 
>    Stefan
> 
> Stefan Berger (7):
>   qemu: tpm: Pass parameter indicating reason for domain removal
>   util: Add parsing support for swtpm's cmdarg-migration capability
>   qemu: tpm: Conditionally create storage on incoming migration
>   qemu: tpm: Pass --migration option to swtpm when using shared storage
>   qemu: tpm: Avoid security labels on incoming migration with shared
>     storage
>   qemu: tpm: Remove TPM state files and directory only when undefining a
>     VM
>   qemu: config: Extend TPM domain XML with shared storage support
> 
>  docs/formatdomain.rst             | 16 ++++++++
>  src/conf/domain_conf.c            | 13 +++++++
>  src/conf/domain_conf.h            |  1 +
>  src/conf/schemas/domaincommon.rng |  5 +++
>  src/qemu/qemu_domain.c            | 12 +++---
>  src/qemu/qemu_domain.h            |  8 +++-
>  src/qemu/qemu_driver.c            | 20 +++++-----
>  src/qemu/qemu_extdevice.c         |  5 ++-
>  src/qemu/qemu_extdevice.h         |  3 +-
>  src/qemu/qemu_migration.c         | 13 ++++---
>  src/qemu/qemu_process.c           |  4 +-
>  src/qemu/qemu_snapshot.c          |  4 +-
>  src/qemu/qemu_tpm.c               | 61 ++++++++++++++++++++++++++-----
>  src/qemu/qemu_tpm.h               |  3 +-
>  src/util/virtpm.c                 |  1 +
>  src/util/virtpm.h                 |  1 +
>  16 files changed, 131 insertions(+), 39 deletions(-)
> 
> -- 
> 2.37.1
> 

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux