Chapter 17. Virtualization live migration
Red Hat Virtualization supports migration of para-virtualized guests between Red Hat Virtualization servers. Migration can be performed in two ways:
Offline mode, using the command xm migrate VirtualMachineName HostName. In this mode the virtual machine is stopped on the original host and restarted on the new host.
Live mode, using the --live option: xm migrate --live VirtualMachineName HostName.
Note that the terms relocation and migration are used interchangeably throughout this section. The different terms match the naming conventions of certain configuration files. Both mean the same thing: the relocation of one guest image from one server to another.
Virtual machine migration is presently unsupported on the Itanium® architecture.
To enable migration, a few changes must be made to the configuration file /etc/xen/xend-config.sxp. By default migration is disabled because of its potentially harmful effects on the host's security. Opening the relocation port makes it possible for unauthorized hosts and users to initiate migrations or connect to the relocation ports. There is no specific authentication for relocation requests, and the only control mechanism is based on hostnames and IP addresses, so take special care to make sure the migration port and server are not accessible to unauthorized hosts.
IP address and hostname filters offer only minimal security. Both of these attributes can be forged if the attacker knows the address or hostname of the migration client. The best method for securing migration is to isolate the network the host and client are on from external and unauthorized internal connections.
Modify the following entries in /etc/xen/xend-config.sxp to enable migration, removing the comment markers that precede the parameters in the configuration file:
(xend-relocation-server yes)
The default value is no, which keeps the migration server deactivated. Keep it deactivated unless you are using a trusted network, because the domain virtual memory is exchanged in raw form without encryption of the communication.
Modify the xend-relocation-hosts-allow option to restrict access to the migration server.
(xend-relocation-port 8002)
The (xend-relocation-port) parameter specifies the port xend should use for the relocation interface, if xend-relocation-server is set to yes.
The default value of this variable should work for most installations. If you change the value, make sure you are using an unused port on the relocation server.
(xend-relocation-address '')
(xend-relocation-address) is the address xend should listen on for relocation-socket connections, if xend-relocation-server is set.
The default is to listen on all active interfaces. The parameter can be used to restrict the relocation server to listen only on a specific interface. The default value in /etc/xen/xend-config.sxp is an empty string (''). This value should be replaced with a valid list of addresses or regular expressions surrounded by single quotes.
(xend-relocation-hosts-allow '')
The (xend-relocation-hosts-allow) parameter controls which hosts are allowed to talk to the relocation port.
If the value is empty, as denoted in the example above by an empty string surrounded by single quotes, then all connections are allowed. This assumes the connection arrives on a port and interface which the relocation server listens on (see also xend-relocation-port and xend-relocation-address above).
Otherwise, the (xend-relocation-hosts-allow ) parameter should be a sequence of regular expressions separated by spaces. Any host with a fully-qualified domain name or an IP address which matches one of these regular expressions will be accepted.
An example of a (xend-relocation-hosts-allow ) attribute:
(xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$')
After you have configured the parameters in your configuration file, reboot the host to restart your environment with the new parameters.
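The following check is an added example, not part of the Red Hat documentation or of xend. It audits the relocation entries described above and flags the settings this chapter warns about; the sample file contents, the helper names, the treatment of \\ as an escaped single backslash, and the rule that a pattern is matched from the start of the host name are assumptions.

```python
import re

# Constructed sample of /etc/xen/xend-config.sxp, not taken from a real host.
SAMPLE = r"""
# (xend-relocation-server no)
(xend-relocation-server yes)
(xend-relocation-port 8002)
(xend-relocation-address '')
(xend-relocation-hosts-allow '^localhost$ ^node1\\.example\\.com 10.0.0.5')
"""

ENTRY = re.compile(r"^\s*\(\s*(xend-relocation-[\w-]+)\s+(.*?)\s*\)\s*$")

def parse(text):
    """Return the uncommented xend-relocation-* entries as a dict."""
    settings = {}
    for line in text.splitlines():
        m = ENTRY.match(line)  # commented-out lines start with '#' and never match
        if m:
            value = m.group(2).strip("'\"")
            # Assumption: a doubled backslash in the file is one escaped backslash.
            settings[m.group(1)] = value.replace("\\\\", "\\")
    return settings

def audit(settings):
    """List findings for the relocation settings described in this chapter."""
    if settings.get("xend-relocation-server", "no") != "yes":
        return []  # relocation server is off, nothing is exposed
    findings = []
    if not settings.get("xend-relocation-address"):
        findings.append("address empty: listening on all active interfaces")
    patterns = settings.get("xend-relocation-hosts-allow", "").split()
    if not patterns:
        findings.append("hosts-allow empty: all connections are allowed")
    for p in patterns:
        if not (p.startswith("^") and p.endswith("$")):
            findings.append("hosts-allow pattern not anchored with ^ and $: " + p)
    return findings

def accepted(host, settings):
    """Assumed rule: a host is accepted if any pattern matches from its start."""
    patterns = settings.get("xend-relocation-hosts-allow", "").split()
    return not patterns or any(re.match(p, host) for p in patterns)

if __name__ == "__main__":
    cfg = parse(SAMPLE)
    for finding in audit(cfg):
        print("WARN", finding)
    print(accepted("node1.example.com.untrusted.test", cfg))
```

Against the constructed sample, the two loosely written patterns also accept node1.example.com.untrusted.test and 10.0.0.51, which is why each expression should be anchored at both ends.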