Current libvirt + qemu pair lacks secure migrations in case of
VMs with non-shared disks. The only option to migrate securely
natively is to use tunneled mode and some kind of secure
destination URI. But tunneled mode does not support non-shared
disks.

The other way to make migration secure is to organize a tunnel
by external means. This is possible in case of shared disks
migration through use of a proper combination of destination URI,
migration URI and VIR_MIGRATE_PARAM_LISTEN_ADDRESS migration
param. But again this is not possible in case of non-shared disks
migration as we have no option to control the target nbd server port.
But fixing this is much simpler than supporting non-shared
disks in tunneled mode.

So this patch series adds an option to set the target nbd port.

Finally all qemu migration connections will be secured AFAIK but
even in this case this patch could be convenient if one wants
all migration traffic to be put in a single connection.

difference from v2:
===================
1. patch is split into API and implementation parts
2. code that starts nbd server is reorganized
3. add check for setting disks port for tunneled case
4. misc small changes according to Jiri's comments

Nikolay Shirokovskiy (2):
migration: add target peer disks port
qemu: implement setting target disks migration port
include/libvirt/libvirt-domain.h | 10 ++++
src/qemu/qemu_driver.c | 25 ++++++---
src/qemu/qemu_migration.c | 108 +++++++++++++++++++++++++++++----------
src/qemu/qemu_migration.h | 3 ++
tools/virsh-domain.c | 12 +++++
tools/virsh.pod | 5 +-
6 files changed, 127 insertions(+), 36 deletions(-)
--
1.8.3.1