[pve-devel] [PATCH] qemu-server: add support for unsecure migration (setting in datacenter.cfg)

Stefan Priebe s.priebe at profihost.ag
Thu Dec 27 22:47:26 CET 2012


This patch adds support for unsecure migration using a direct TCP connection
KVM <=> KVM instead of an extra SSH tunnel. Without SSH, the limit is just the
network bandwidth and no longer the CPU / a single core.

You can enable this by adding:
migration_unsecure: 1
to datacenter.cfg

Examples below use qemu 1.4, as migration with qemu 1.3 still does not work for me:

Current default with SSH tunnel (VM uses 2 GB mem):
Dec 27 21:10:32 starting migration of VM 105 to node 'cloud1-1202' (10.255.0.20)
Dec 27 21:10:32 copying disk images
Dec 27 21:10:32 starting VM 105 on remote node 'cloud1-1202'
Dec 27 21:10:35 starting ssh migration tunnel
Dec 27 21:10:36 starting online/live migration on localhost:60000
Dec 27 21:10:36 migrate_set_speed: 8589934592
Dec 27 21:10:36 migrate_set_downtime: 1
Dec 27 21:10:38 migration status: active (transferred 152481002, remaining 1938546688), total 2156396544) , expected downtime 0
Dec 27 21:10:40 migration status: active (transferred 279836995, remaining 1811140608), total 2156396544) , expected downtime 0
Dec 27 21:10:42 migration status: active (transferred 421265271, remaining 1669840896), total 2156396544) , expected downtime 0
Dec 27 21:10:44 migration status: active (transferred 570987974, remaining 1520152576), total 2156396544) , expected downtime 0
Dec 27 21:10:46 migration status: active (transferred 721469404, remaining 1369939968), total 2156396544) , expected downtime 0
Dec 27 21:10:48 migration status: active (transferred 875595258, remaining 1216057344), total 2156396544) , expected downtime 0
Dec 27 21:10:50 migration status: active (transferred 1034654822, remaining 1056931840), total 2156396544) , expected downtime 0
Dec 27 21:10:54 migration status: active (transferred 1176288424, remaining 915369984), total 2156396544) , expected downtime 0
Dec 27 21:10:56 migration status: active (transferred 1339734759, remaining 752050176), total 2156396544) , expected downtime 0
Dec 27 21:10:58 migration status: active (transferred 1503743261, remaining 588206080), total 2156396544) , expected downtime 0
Dec 27 21:11:02 migration status: active (transferred 1645097827, remaining 446906368), total 2156396544) , expected downtime 0
Dec 27 21:11:04 migration status: active (transferred 1810562934, remaining 281751552), total 2156396544) , expected downtime 0
Dec 27 21:11:06 migration status: active (transferred 1964377505, remaining 126033920), total 2156396544) , expected downtime 0
Dec 27 21:11:08 migration status: active (transferred 2077930417, remaining 0), total 2156396544) , expected downtime 0
Dec 27 21:11:09 migration speed: 62.06 MB/s - downtime 37 ms
Dec 27 21:11:09 migration status: completed
Dec 27 21:11:13 migration finished successfuly (duration 00:00:41)
TASK OK

With unsecure migration (no SSH tunnel):
Dec 27 22:43:14 starting migration of VM 105 to node 'cloud1-1203' (10.255.0.22)
Dec 27 22:43:14 copying disk images
Dec 27 22:43:14 starting VM 105 on remote node 'cloud1-1203'
Dec 27 22:43:17 starting online/live migration on 10.255.0.22:60000
Dec 27 22:43:17 migrate_set_speed: 8589934592
Dec 27 22:43:17 migrate_set_downtime: 1
Dec 27 22:43:19 migration speed: 1024.00 MB/s - downtime 1100 ms
Dec 27 22:43:19 migration status: completed
Dec 27 22:43:22 migration finished successfuly (duration 00:00:09)
TASK OK

---
 PVE/QemuMigrate.pm |   41 ++++++++++++++++++++---------------------
 PVE/QemuServer.pm  |   12 +++++++++---
 2 files changed, 29 insertions(+), 24 deletions(-)

diff --git a/PVE/QemuMigrate.pm b/PVE/QemuMigrate.pm
index 38f1d05..41b9446 100644
--- a/PVE/QemuMigrate.pm
+++ b/PVE/QemuMigrate.pm
@@ -298,8 +298,8 @@ sub phase2 {
 
     $self->log('info', "starting VM $vmid on remote node '$self->{node}'");
 
+    my $raddr;
     my $rport;
-
     my $nodename = PVE::INotify::nodename();
 
     ## start on remote node
@@ -308,27 +308,27 @@ sub phase2 {
 
     PVE::Tools::run_command($cmd, outfunc => sub {
 	my $line = shift;
-
-	if ($line =~ m/^migration listens on port (\d+)$/) {
-	    $rport = $1;
+	if ($line =~ m/^migration listens on tcp:([\d\.]+|localhost):(\d+)$/) {
+	    $raddr = $1;
+	    $rport = $2;
 	}
     }, errfunc => sub {
 	my $line = shift;
 	$self->log('info', $line);
     });
 
-    die "unable to detect remote migration port\n" if !$rport;
+    die "unable to detect remote migration address\n" if !$raddr;
 
-    $self->log('info', "starting migration tunnel");
+    if ($raddr eq "localhost") {
+        $self->log('info', "starting ssh migration tunnel");
 
-    ## create tunnel to remote port
-    my $lport = PVE::QemuServer::next_migrate_port();
-    $self->{tunnel} = $self->fork_tunnel($self->{nodeip}, $lport, $rport);
-
-    $self->log('info', "starting online/live migration on port $lport");
-    # start migration
+        ## create tunnel to remote port 
+        my $lport = PVE::QemuServer::next_migrate_port();
+        $self->{tunnel} = $self->fork_tunnel($self->{nodeip}, $lport, $rport);
+    }
 
     my $start = time();
+    $self->log('info', "starting online/live migration on $raddr:$rport");
 
     # load_defaults
     my $defaults = PVE::QemuServer::load_defaults();
@@ -369,9 +369,10 @@ sub phase2 {
     };
 
     eval {
-        PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate", uri => "tcp:localhost:$lport");
+        PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate", uri => "tcp:$raddr:$rport");
     };
     my $merr = $@;
+    $self->log('info', "migrate uri => tcp:$raddr:$rport failed: $merr") if $merr;
 
     my $lstat = 0;
     my $usleep = 2000000;
@@ -501,13 +502,11 @@ sub phase3_cleanup {
         if !rename($conffile, $newconffile);
 
     # now that config file is move, we can resume vm on target if livemigrate
-    if ($self->{tunnel}) {
-	my $cmd = [@{$self->{rem_ssh}}, 'qm', 'resume', $vmid, '--skiplock'];
-	eval{ PVE::Tools::run_command($cmd, outfunc => sub {}, errfunc => sub {}) };
-	if (my $err = $@) {
-	    $self->log('err', $err);
-	    $self->{errors} = 1;
-	}
+    my $cmd = [@{$self->{rem_ssh}}, 'qm', 'resume', $vmid, '--skiplock'];
+    eval{ PVE::Tools::run_command($cmd, outfunc => sub {}, errfunc => sub {}) };
+    if (my $err = $@) {
+        $self->log('err', $err);
+        $self->{errors} = 1;
     }
 
     # always stop local VM
@@ -536,7 +535,7 @@ sub phase3_cleanup {
     }
 
     # clear migrate lock
-    my $cmd = [ @{$self->{rem_ssh}}, 'qm', 'unlock', $vmid ];
+    $cmd = [ @{$self->{rem_ssh}}, 'qm', 'unlock', $vmid ];
     $self->cmd_logerr($cmd, errmsg => "failed to clear migrate lock");
 }
 
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index d56fe65..d7f82f5 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -2940,11 +2940,17 @@ sub vm_start {
 	my ($cmd, $vollist) = config_to_command($storecfg, $vmid, $conf, $defaults);
 
 	my $migrate_port = 0;
-
+	my $migrate_uri;
 	if ($statefile) {
 	    if ($statefile eq 'tcp') {
+		my $localip = "localhost";
+		my $datacenterconf = PVE::Cluster::cfs_read_file('datacenter.cfg');
+		if ($datacenterconf->{migration_unsecure}) {
+			my $nodename = PVE::INotify::nodename();
+			$localip = PVE::Cluster::remote_node_ip($nodename, 1);
+		}
 		$migrate_port = next_migrate_port();
-		my $migrate_uri = "tcp:localhost:${migrate_port}";
+		$migrate_uri = "tcp:${localip}:${migrate_port}";
 		push @$cmd, '-incoming', $migrate_uri;
 		push @$cmd, '-S';
 	    } else {
@@ -2972,7 +2978,7 @@ sub vm_start {
 	my $err = $@;
 	die "start failed: $err" if $err;
 
-	print "migration listens on port $migrate_port\n" if $migrate_port;
+	print "migration listens on $migrate_uri\n" if $migrate_uri;
 
 	if ($statefile && $statefile ne 'tcp')  {
 	    eval { vm_mon_cmd_nocheck($vmid, "cont"); };
-- 
1.7.10.4




More information about the pve-devel mailing list