On 28.11.2012 11:59, Daniel P. Berrange wrote:
> On Tue, Nov 27, 2012 at 07:49:54PM +0100, Michal Privoznik wrote:
>> This patch set re-implements migration with storage for new enough qemu.
>> Currently, you can migrate a domain to a host without need for shared storage.
>> This is done by setting 'blk' or 'inc' attribute (representing
>> VIR_MIGRATE_NON_SHARED_DISK and VIR_MIGRATE_NON_SHARED_INC flags respectively)
>> of 'migrate' monitor command. However, the qemu implementation is
>> buggy and applications are advised to switch to new implementation
>> which, moreover, offers some nice features, like migrating only explicitly
>> specified disks.
>>
>> The new functionality is controlled via 'nbd-server-*' and 'drive-mirror'
>> commands. The flow is meant to look like this:
>>
>> 1) User invokes libvirt's migrate functionality.
>>
>> 2) libvirt checks that no block jobs are active on the source.
>>
>> 3) libvirt starts the destination QEMU and sets up the NBD server using the
>> nbd-server-start and nbd-server-add commands.
>>
>> 4) libvirt starts drive-mirror with a destination pointing to the remote NBD
>> server, for example nbd:host:port:exportname=diskname (where diskname is the
>> -drive id specified on the destination).
>
> This is where I have a problem with automatically using the new impl. If
> we consider that we need to allow multiple concurrent migrations, we are
> introducing a requirement to open arbitrary number of ports in the firewall.
> This data stream is also cleartext without any encryption, even using an
> encrypted qcow2 disk won't help, since we're transferring the logical guest
> side blocks, not the physical host side blocks.
>
> What you have here is fine in the direct migration case, since we already
> require arbitrary open ports and non-encrypted data stream.
>
> If the user has requested TUNNELLED migration, we need follow up work done.
> We need the NBD server to be able to accept a pre-opened file descriptor
> rather than listening on a TCP host/port, and then for libvirtd to
> tunnel the data stream somehow. Alternatively just use the old impl in
> the TUNNELLED case.

Right. Given how big this patch set is just for direct migration, I think we can save TUNNELLED case for a separate patch set. Having said that, this needs to be squashed into 2/11 patch:

- if (qemuCapsGet(priv->caps, QEMU_CAPS_NBD_SERVER)) - cookie_flags |= QEMU_MIGRATION_COOKIE_NBD; + if (qemuCapsGet(priv->caps, QEMU_CAPS_NBD_SERVER)) { + /* TODO support NBD for TUNNELLED migration */ + if (flags & VIR_MIGRATE_TUNNELLED) + VIR_DEBUG("NBD in tunnelled migration is currently not supported"); + else + cookie_flags |= QEMU_MIGRATION_COOKIE_NBD; + }

Michal
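
Review bot: In the added `if (flags & VIR_MIGRATE_TUNNELLED)` branch, the VIR_DEBUG fires for every tunnelled migration on a qemu with QEMU_CAPS_NBD_SERVER, whether or not storage migration was requested, because the visible condition never looks at VIR_MIGRATE_NON_SHARED_DISK or VIR_MIGRATE_NON_SHARED_INC. Consider logging only when one of those flags is set. The TODO comment should also say what happens instead when QEMU_MIGRATION_COOKIE_NBD is left unset (per the discussion above, the old 'blk'/'inc' implementation), so the fallback does not have to be inferred from the missing cookie flag. Since the tunnelled case is the one where the user expects the data stream not to travel in cleartext over extra ports, a comment noting that this branch is what keeps disk data off the NBD socket would help a later reader avoid removing it by mistake.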