RE: [libvirt] [RFC]: Secure migration
From: libvir-list-bounces(a)redhat.com [mailto:libvir-list-
bounces(a)redhat.com] On Behalf Of Chris Lalancette
...
2) virsh on the controller connects to the src, and initiates the
migration
command. In turn, this causes the controller to also connect to the
dst. Now,
during the "Prepare" step on the dst, we setup a qemu container to
listen to
some port (call it 1234) on localhost. It also forks an external
program (or a
thread) to listen for an incoming gnutls connection. Next, the
"Perform" step
is call on the src machine. This forks an external program (or thread)
to
listen for incoming data from a localhost migration, do the gnutls
handshake
with the dst, and dump the data over the gnutls connection to the dst.
[IH] how is
the connection secured? Do you assume both hosts share
Kerberos/certificates trust? Does the controller pass a shared encryption
key to both parties?
(I also like this approach better, since it keeps the existing qemu
migration, which is hard enough to stabilize)