[libvirt] [PATCH v4 0/2] migration: add option to set target ndb server port

Nikolay Shirokovskiy nshirokovskiy at virtuozzo.com
Thu Mar 17 14:58:46 UTC 2016


Current libvirt + qemu pair lacks secure migrations in case of
VMs with non-shared disks. The only option to migrate securely
natively is to use tunneled mode and some kind of secure
destination URI. But tunelled mode does not support non-shared
disks.

The other way to make migration secure is to organize a tunnel
by external means. This is possible in case of shared disks
migration thru use of proper combination of destination URI,
migration URI and VIR_MIGRATE_PARAM_LISTEN_ADDRESS migration
param. But again this is not possible in case of non shared disks
migration as we have no option to control target nbd server port.
But fixing this much more simplier that supporting non-shared
disks in tunneled mode.

So this patch series adds option to set target ndb port.

Finally all qemu migration connections will be secured AFAIK but
even in this case this patch could be convinient if one wants
all migration traffic be put in a single connection.

difference from v3:
===================

Revert code of starting nbd server back to v2.

Nikolay Shirokovskiy (2):
  migration: add target peer disks port
  qemu: implement setting target disks migration port

 include/libvirt/libvirt-domain.h | 10 +++++
 src/qemu/qemu_driver.c           | 25 +++++++----
 src/qemu/qemu_migration.c        | 92 +++++++++++++++++++++++++++++-----------
 src/qemu/qemu_migration.h        |  3 ++
 tools/virsh-domain.c             | 12 ++++++
 tools/virsh.pod                  |  5 ++-
 6 files changed, 113 insertions(+), 34 deletions(-)

-- 
1.8.3.1




More information about the libvir-list mailing list