On 8/23/22 08:55, Daniel P. Berrangé wrote:
On Mon, Aug 22, 2022 at 02:52:26PM -0400, Stefan Berger wrote:
On 8/22/22 12:35, Daniel P. Berrangé wrote:
On Mon, Aug 22, 2022 at 08:05:47AM -0400, Stefan Berger wrote:
This series of patches adds support for migrating vTPMs across hosts whose
storage has been set up to share the directory structure holding the state
of the TPM (swtpm). The domain XML is extended with a shared_storage
attribute that must be set to 'yes' when shared storage is used. It
We don't require any 'shared_storage' attribute for disk images - we just
aim to "do the right thing" automatically. If we want to support shared
storage for TPM, then IMHO it should likewise be made transparent.
What's the thinking behind putting the TPM on shared storage though ?
It's drive by swtpm user(s):
https://github.com/stefanberger/swtpm/pull/732
The driving force is having the state available on the destination to
restart a VM there if the original host failed. Allegedly all hosts in their
setup would share the necessary storage to be able to do that with TPM state
but then presumably also with the disk image(s).
Ok, so use case is resilience rather than specifically live
migration.
Yes, support for HA.
The state is tiny so you're not going to notice it being transferred
Tiny is relative to disk sizes. It can become ~260kb or so, depending on how
much is stored in the NVRAM areas, but yes, it's comparably small.
I meant 'tiny' in the sense that the time required to live migration
it is not measureably significant. Compared with say migrating disk
storage, which could add hours to a live migration if it wasn't on
shared storage.
I won't change QEMU for support of shared storage setups. It will
continue migrating the TPM state. However, shared storage setups need
special management support, which this series tries to address.
