[libvirt-users] (no subject)

How is tunnelled option specified during migratiion different than an ordinary ssh connection specified as:- virsh migrate vmName qemu+ssh://user@remotesys/system?

How is the traffic different when using the tunnelled option rather than ssh without tunnelling? On Wed, Mar 23, 2016, 5:14 PM Michal Privoznik <mprivozn@redhat.com> wrote:
On 22.03.2016 10:28, nidhi d wrote:
How is tunnelled option specified during migratiion different than an ordinary ssh connection specified as:- virsh migrate vmName qemu+ssh://user@remotesys/system?
virsh migrate --tunelled ...
Michal

On 23.03.2016 14:13, nidhi d wrote:
How is the traffic different when using the tunnelled option rather than ssh without tunnelling?
There are two migration streams here: 1) libvirt (used to transfer libvirt's internal state of domain onto the other side) 2) qemu (used to transfer qemu's internal state of domain onto the other side) specifying bare qemu+ssh:/// makes libvirt pack its stream into an ssh stream, but says nothing about qemu stream. Using tunnelling tells libvirt to encapsulate qemu migration stream into its own stream and thus into ssh stream too. Michal

I tried using tunnelled mode for vm migration, but migration failed with the error Permission denied(publickey,password):Connection reset by peer I have enabled passwordless ssh login at the destination. Also i am able to connect to the destination using using qemu+ssh. On Wed, Mar 23, 2016, 6:59 PM Michal Privoznik <mprivozn@redhat.com> wrote:
On 23.03.2016 14:13, nidhi d wrote:
How is the traffic different when using the tunnelled option rather than ssh without tunnelling?
There are two migration streams here:
1) libvirt (used to transfer libvirt's internal state of domain onto the other side) 2) qemu (used to transfer qemu's internal state of domain onto the other side)
specifying bare qemu+ssh:/// makes libvirt pack its stream into an ssh stream, but says nothing about qemu stream. Using tunnelling tells libvirt to encapsulate qemu migration stream into its own stream and thus into ssh stream too.
Michal

On 23.03.2016 14:47, nidhi d wrote:
I tried using tunnelled mode for vm migration, but migration failed with the error
Permission denied(publickey,password):Connection reset by peer
I have enabled passwordless ssh login at the destination. Also i am able to connect to the destination using using qemu+ssh.
Maybe the destination ssh is denying spawning a command? Libvirt spawns a netcat process to pass data through a unix socket to ssh tunnel. What's the error message you see on the destination? Michal

From the auth log at the destination: Failed password for <user> from <ip> port <no> ssh2
On Thu, Mar 24, 2016, 3:50 PM Michal Privoznik <mprivozn@redhat.com> wrote:
On 23.03.2016 14:47, nidhi d wrote:
I tried using tunnelled mode for vm migration, but migration failed with the error
Permission denied(publickey,password):Connection reset by peer
I have enabled passwordless ssh login at the destination. Also i am able to connect to the destination using using qemu+ssh.
Maybe the destination ssh is denying spawning a command? Libvirt spawns a netcat process to pass data through a unix socket to ssh tunnel. What's the error message you see on the destination?
Michal

On 24.03.2016 11:23, nidhi d wrote:
From the auth log at the destination: Failed password for <user> from <ip> port <no> ssh2
There's your answer. Libvirt really requires pubkey instead of passwd auth. http://wiki.libvirt.org/page/SSHSetup Michal

I have made all these changes in my Ubuntu desktop. I have also enabled passwordless login for ssh at destination. But still, everytime i run into the same problem. On Thu, Mar 24, 2016, 4:05 PM Michal Privoznik <mprivozn@redhat.com> wrote:
On 24.03.2016 11:23, nidhi d wrote:
From the auth log at the destination: Failed password for <user> from <ip> port <no> ssh2
There's your answer. Libvirt really requires pubkey instead of passwd auth.
http://wiki.libvirt.org/page/SSHSetup
Michal

If you use libvirt with the ‘sudo’ prefix ($ sudo virsh –c qemu+ssh://[host]/system) you also have to setup passwordless login for the root user. You can test it by: $ sudo –i $ ssh –l root [host] Van: libvirt-users-bounces@redhat.com [mailto:libvirt-users-bounces@redhat.com] Namens nidhi d Verzonden: donderdag 24 maart 2016 11:44 Aan: Michal Privoznik; libvirt-users@redhat.com Onderwerp: Re: [libvirt-users] (no subject) I have made all these changes in my Ubuntu desktop. I have also enabled passwordless login for ssh at destination. But still, everytime i run into the same problem. On Thu, Mar 24, 2016, 4:05 PM Michal Privoznik <mprivozn@redhat.com<mailto:mprivozn@redhat.com>> wrote: On 24.03.2016 11:23, nidhi d wrote:
From the auth log at the destination: Failed password for <user> from <ip> port <no> ssh2
There's your answer. Libvirt really requires pubkey instead of passwd auth. http://wiki.libvirt.org/page/SSHSetup Michal

Is the migration of xen vms implemented in libvirt? Using virsh migrate xen+ssh ?

On 29.03.2016 06:42, nidhi d wrote:
Is the migration of xen vms implemented in libvirt? Using virsh migrate xen+ssh ?
According to: http://libvirt.org/hvsupport.html yes. There's the basic (v1) migration. Michal

When i tried virsh migrate <vm> xen+ssh://user@remote/system I get the error This function is not supported by the connection driver:virDomainMigrate3

On 30.03.2016 06:35, nidhi d wrote:
When i tried
virsh migrate <vm> xen+ssh://user@remote/system
I get the error
This function is not supported by the connection driver:virDomainMigrate3
This is likely a bug in our code as migration should fall back all the way down to version 1 in this case. Jiri, any thoughts? Michal

nidhi d wrote:
When i tried
virsh migrate <vm> xen+ssh://user@remote/system
I get the error
This function is not supported by the connection driver:virDomainMigrate3
What version of libvirt and Xen are you using? And wrt to Xen, are you using the xm/xend or xl/libxl toolstacks? Regards, Jim

Hello I use lock_manager with libvirt 1.3 and I would like to know how is exactly calculate the hash SHA256. I would create a table to retreive the name with the hash in case of crash to release manualy the lock. Best regards

Libvirt version as per virsh --version 1.2.2 Xen version as per xl info 4.4.2 I am working with xl toolstack On Mar 30, 2016 11:09 PM, "Jim Fehlig" <jfehlig@suse.com> wrote:
nidhi d wrote:
When i tried
virsh migrate <vm> xen+ssh://user@remote/system
I get the error
This function is not supported by the connection driver:virDomainMigrate3
What version of libvirt and Xen are you using? And wrt to Xen, are you using the xm/xend or xl/libxl toolstacks?
Regards, Jim

On 03/30/2016 10:17 PM, nidhi d wrote:
Libvirt version as per virsh --version 1.2.2
Ah, there's your problem. Michal already pointed you to http://libvirt.org/hvsupport.html , which shows the migration APIs were added to the libxl driver in libvirt 1.2.6. Regards, Jim
Xen version as per xl info 4.4.2 I am working with xl toolstack
On Mar 30, 2016 11:09 PM, "Jim Fehlig" <jfehlig@suse.com <mailto:jfehlig@suse.com>> wrote:
nidhi d wrote: > When i tried > > virsh migrate <vm> xen+ssh://user@remote/system > > I get the error > > This function is not supported by the connection driver:virDomainMigrate3
What version of libvirt and Xen are you using? And wrt to Xen, are you using the xm/xend or xl/libxl toolstacks?
Regards, Jim

Is the only encryption mode supported in tunnelled migration of kvm machines using ssh-channel, aes-128 ?Is there some way to change the default encryption method?
participants (5)
-
Dominique Ramaekers
-
Jim Fehlig
-
Michal Privoznik
-
nidhi d
-
villeneu@kassis.univ-brest.fr