Fwd: FW: [libvirt PATCH 0/6] Introduce Local Migration Support in Libvirt
by Prerna
On 2/3/20, 7:16 PM, "Daniel P. Berrangé" <berrange(a)redhat.com> wrote:
On Mon, Feb 03, 2020 at 10:42:48AM -0300, Daniel Henrique Barboza wrote:
> Hi Daniel,
>
> I am happy that Libvirt is pushing local migration/live patching support, but
> at the same time I am wondering what changed from what you said here:
Err, this isn't libvirt pushing local migration. I'm simply re-posting
these patches on behalf of Shaju who is unable to post the patches due
to our broken mail server. Don't take this as meaning that I approve of
the patches. They're simply here for discussion as any other patch
proposal is.
Thank you for forwarding the patch to the list, Danpb.
That is largely still my view.
Sure, and we will be happy to discuss this further, as noted below :)
> To give you a background, we have live patching enhancements in IBM backlog
> since a few years ago, and one of the reasons these were being postponed
> time and time again was the lack of Libvirt support and this direction of
> "Libvirt is not interested in supporting it". And this message above was being
> used internally as the rationale for it.
Hi Daniel HB,
Thank you for pointing out the fact that this has been in discussion
since 2013. While Shaju's patches were independent as an RFC, we will be
happy to collaborate to push for a joint solution. The fact that this has
been requested time and again, and the fact that most commercial cloud
deployments out there already have an in-place upgrade story [1] [2] --
should be good reason we holistically examine the use case once again.
[1] https://kb.vmware.com/s/article/2005389
[2] https://dl.acm.org/doi/10.1145/3297858.3304034
Danpb had explained in much detail as to why mangling file and particularly
socket paths can be messy in this patchset. However, even if libvirtd
blocks in-place migrations for such legacy VMs until apps switch to more
stringent XML semantics, it still may help cutting edge apps that intend to
leverage this.
I understand the presence of collision-causing file and socket paths can
easily be checked as pre-migration checks, and should be trivial to
implement.
We can include a revised patchset with this check in place. Support for
this feature has been present in qemu for a while for this use-case, and so
maybe it is time we pass on the goodness up the stack as well.
Happy to discuss more details on implementation and semantics,
Warm regards,
Prerna Saxena
5 years, 2 months
[PATCH 6/6] docs: update virt-admin.rst for server-update-tls
by Zhangbo (Oscar)
Update the manpage for the 'server-update-tls' command
---
docs/manpages/virt-admin.rst | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/docs/manpages/virt-admin.rst b/docs/manpages/virt-admin.rst
index 51c3d3917e..e19d1f1577 100644
--- a/docs/manpages/virt-admin.rst
+++ b/docs/manpages/virt-admin.rst
@@ -442,6 +442,27 @@ Set new client-related limits on *server*.
*--max-clients*.
+server-update-tls
+-----------------
+
+**Syntax:**
+
+.. code-block::
+
+ server-update-tls server [--filetypes types]
+
+Update tls context on *server*.
+
+- *server*
+
+ Available servers on a daemon. Currently only supports 'libvirtd'.
+
+- *--filetypes*
+
+ Indicate which TLS related files need to be updated, such as CA cert, CA CRL,
+ server cert/key. ``types`` is bitwise-OR of tls related files.
+
+
CLIENT COMMANDS
===============
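Review bot: the synopsis line `server-update-tls server [--filetypes types]` brackets `--filetypes` as optional, but the option definition in patch 5/6 sets `VSH_OFLAG_REQ` and the handler rejects 0, so the brackets should be dropped. The `--filetypes` entry also says only that `types` is a bitwise-OR without listing the values; the 1/2/4/8 mapping (cacert, cacrl, server-cert, server-key) and the rule that server cert and key must be updated together appear only in the command's help string and should be repeated in the man page, along with a mention of the `srv-update-tls` alias.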
--
2.23.0.windows.1
5 years, 2 months
[PATCH 5/6] virt-admin: Introduce command srv-update-tls
by Zhangbo (Oscar)
wire-up virAdmServerUpdateTlsFiles API into virt-admin client.
---
tools/virt-admin.c | 88 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 88 insertions(+)
diff --git a/tools/virt-admin.c b/tools/virt-admin.c
index 32edfe5757..85235ae03d 100644
--- a/tools/virt-admin.c
+++ b/tools/virt-admin.c
@@ -957,6 +957,84 @@ cmdSrvClientsSet(vshControl *ctl, const vshCmd *cmd)
goto cleanup;
}
+/* ------------------------
+ * Command srv-update-tls
+ * ------------------------
+ */
+static const vshCmdInfo info_srv_update_tls_file[] = {
+ {.name = "help",
+ .data = N_("notify server to update TLS related files online.")
+ },
+ {.name = "desc",
+ .data = N_("notify server to update the CA cert, "
+ "CA CRL, server cert / key without restarts. "
+ "See OPTIONS for currently supported attributes.")
+ },
+ {.name = NULL}
+};
+
+static const vshCmdOptDef opts_srv_update_tls_file[] = {
+ {.name = "server",
+ .type = VSH_OT_DATA,
+ .flags = VSH_OFLAG_REQ,
+ .help = N_("Available servers on a daemon. "
+ "Currently only supports 'libvirtd'.")
+ },
+ {.name = "filetypes",
+ .type = VSH_OT_INT,
+ .flags = VSH_OFLAG_REQ,
+ .help = N_("filetypes that need to be updated. "
+ "bitwise-OR of tls filetypes flags.\n"
+ " parameter Description:\n"
+ " --filetypes 1 ===> cacert\n"
+ " --filetypes 2 ===> cacrl\n"
+ " --filetypes 4 ===> server-cert\n"
+ " --filetypes 8 ===> server-key\n"
+ " or a combination of several values. eg:\n"
+ " --filetypes 3 ===> cacert | cacrl\n"
+ " notice:\n"
+ " server cert and key must be updated together.\n")
+ },
+ {.name = NULL}
+};
+
+static bool
+cmdSrvUpdateTlsFiles(vshControl *ctl, const vshCmd *cmd)
+{
+ bool ret = false;
+ const char *srvname = NULL;
+ unsigned int filetypes;
+
+ virAdmServerPtr srv = NULL;
+ vshAdmControlPtr priv = ctl->privData;
+
+ if (vshCommandOptStringReq(ctl, cmd, "server", &srvname) < 0)
+ return false;
+
+ if (vshCommandOptUInt(ctl, cmd, "filetypes", &filetypes) < 0)
+ return false;
+
+ if (filetypes == 0) {
+ vshError(ctl, "%s", _("filetypes can not be 0."));
+ goto cleanup;
+ }
+
+ if (!(srv = virAdmConnectLookupServer(priv->conn, srvname, 0)))
+ goto cleanup;
+
+ if (virAdmServerUpdateTlsFiles(srv, filetypes, VIR_TLS_UPDATE_CLEAR) < 0) {
+ vshError(ctl, "%s", _("Unable to update server's tls related files."));
+ goto cleanup;
+ }
+
+ ret = true;
+ vshPrint(ctl, "update tls related files succeed\n");
+
+ cleanup:
+ virAdmServerFree(srv);
+ return ret;
+}
+
/* --------------------------
* Command daemon-log-filters
* --------------------------
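Review bot: in cmdSrvUpdateTlsFiles, `filetypes` is checked only against 0, so bits outside 1|2|4|8 and a lone server-cert (4) or server-key (8) are passed straight to virAdmServerUpdateTlsFiles, even though the option help states that server cert and key must be updated together. Reject those values in the client, or state in the help that the server enforces the rule, so that a mismatched request fails early with a clear message. The option is also declared `VSH_OT_INT` but read with vshCommandOptUInt into an unsigned int, and the success string passed to vshPrint is not wrapped in `_()` like the two vshError messages above it.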
@@ -1436,6 +1514,16 @@ static const vshCmdDef managementCmds[] = {
.info = info_srv_clients_set,
.flags = 0
},
+ {.name = "srv-update-tls",
+ .flags = VSH_CMD_FLAG_ALIAS,
+ .alias = "server-update-tls"
+ },
+ {.name = "server-update-tls",
+ .handler = cmdSrvUpdateTlsFiles,
+ .opts = opts_srv_update_tls_file,
+ .info = info_srv_update_tls_file,
+ .flags = 0
+ },
{.name = "daemon-log-filters",
.handler = cmdDaemonLogFilters,
.opts = opts_daemon_log_filters,
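Review bot: the table registers `server-update-tls` as the real command and `srv-update-tls` only as an alias, while the commit subject and the comment banner in the first hunk both call the command srv-update-tls. Use the primary name in both places so that searching the log or the source for the documented command name finds this change.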
--
2.23.0.windows.1
5 years, 2 months