Re: live migration via unix socket

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Aug 28, 2018 at 05:07:18PM -0400, David Vossel wrote:
> Hey,
> 
> Over in KubeVirt we're investigating a use case where we'd like to perform
> a live migration within a network namespace that does not provide libvirtd
> with network access. In this scenario we would like to perform a live
> migration by proxying the migration through a unix socket to a process in
> another network namespace that does have network access.  That external
> process would live on every node in the cluster and know how to correctly
> route connections between libvirtds.
> 
> virsh example of an attempted migration via unix socket.
> 
> virsh migrate --copy-storage-all --p2p --live --xml domain.xml my-vm
> qemu+unix:///system?socket=destination-host-proxy-sock
> 
> In this example, the src libvirtd is able to establish a connection to the
> destination libvirtd via the unix socket proxy. However, the migration-uri
> appears to require either tcp or rdma network connection.  If I force the
> migration-uri to be a unix socket, I receive an error [1] indicating that
> qemu+unix is not a valid transport.

qemu+unix is a syntax for libvirt's URI format.  The URI scheme for
migration is not the same, so you can't simply plug in qemu+unix here.

> 
> Technically with qemu+kvm I believe what we're attempting should be
> possible (even though it is inefficient). Please correct me if I'm wrong.
> 
> Is there a way to achieve this migration via unix socket functionality this
> using Libvirt? Also, is there a reason why the migration uri is limited to
> tcp/rdma

Internally libvirt does exactly this when using its TUNNELLED live migration
mode. In this QEMU is passed an anonymous UNIX socket and the data is all
copied over the libvirtd <-> libvirtd connection and then copied again back
to QEMU on another UNIX socket. This was done because QEMU has long had no
ability to encrypt live migration, so tunnelling over libvirtd's own TLS
secured connection was only secure mechanism.

We've done work in QEMU to natively support TLS now so that we can get rid
of this tunnelling, as this architecture decreased performance and consumed
precious CPU memory bandwidth, which is particularly bad when libvirtd and
QEMU were on different NUMA nodes. It is already a challenge to get live
migration to successfully complete even with a direct network connection.
Although QEMU can do it at the low level, we've never exposed anything
other than direct network transports at the API level. 

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users



[Index of Archives]     [Virt Tools]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux