On 28.11.2012 11:59, Daniel P. Berrange wrote:
On Tue, Nov 27, 2012 at 07:49:54PM +0100, Michal Privoznik wrote:
> This patch set re-implements migration with storage for new enough qemu.
> Currently, you can migrate a domain to a host without need for shared storage.
> This is done by setting 'blk' or 'inc' attribute (representing
> VIR_MIGRATE_NON_SHARED_DISK and VIR_MIGRATE_NON_SHARED_INC flags respectively)
> of 'migrate' monitor command. However, the qemu implementation is
> buggy and applications are advised to switch to new implementation
> which, moreover, offers some nice features, like migrating only explicitly
> specified disks.
>
> The new functionality is controlled via 'nbd-server-*' and 'drive-mirror'
> commands. The flow is meant to look like this:
>
> 1) User invokes libvirt's migrate functionality.
>
> 2) libvirt checks that no block jobs are active on the source.
>
> 3) libvirt starts the destination QEMU and sets up the NBD server using the
> nbd-server-start and nbd-server-add commands.
>
> 4) libvirt starts drive-mirror with a destination pointing to the remote NBD
> server, for example nbd:host:port:exportname=diskname (where diskname is the
> -drive id specified on the destination).
This is where I have a problem with automatically using the new impl. If
we consider that we need to allow multiple concurrent migrations, we are
introducing a requirement to open an arbitrary number of ports in the firewall.
This data stream is also cleartext without any encryption, even using an
encrypted qcow2 disk won't help, since we're transferring the logical guest
side blocks, not the physical host side blocks.
What you have here is fine in the direct migration case, since we already
require arbitrary open ports and non-encrypted data stream.
If the user has requested TUNNELLED migration, we need follow-up work done.
We need the NBD server to be able to accept a pre-opened file descriptor
rather than listening on a TCP host/port, and then for libvirtd to
tunnel the data stream somehow. Alternatively just use the old impl in
the TUNNELLED case.
Right. Given how big this patch set is just for direct migration, I
think we can save TUNNELLED case for a separate patch set. Having said
that, this needs to be squashed into 2/11 patch:
- if (qemuCapsGet(priv->caps, QEMU_CAPS_NBD_SERVER))
- cookie_flags |= QEMU_MIGRATION_COOKIE_NBD;
+ if (qemuCapsGet(priv->caps, QEMU_CAPS_NBD_SERVER)) {
+ /* TODO support NBD for TUNNELLED migration */
+ if (flags & VIR_MIGRATE_TUNNELLED)
+ VIR_DEBUG("NBD in tunnelled migration is currently not
supported");
+ else
+ cookie_flags |= QEMU_MIGRATION_COOKIE_NBD;
+ }
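Review bot: in the VIR_MIGRATE_TUNNELLED branch the only signal that NBD was skipped is a VIR_DEBUG message, so a caller who asked for storage migration over a tunnel cannot tell from default logging which implementation was used. Consider VIR_WARN or VIR_INFO there, and extend the TODO comment to say that leaving QEMU_MIGRATION_COOKIE_NBD unset is deliberate, since per this thread the NBD stream is cleartext and needs its own port. The if/else bodies would also be safer with braces, given that the VIR_DEBUG call spans two lines.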
Michal