[pve-devel] [PATCH] spice migration
Alexandre Derumier
aderumier at odiso.com
Mon Jul 22 11:16:28 CEST 2013
Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
PVE/API2/Qemu.pm | 12 +-----------
PVE/QMPClient.pm | 3 ++-
PVE/QemuMigrate.pm | 37 ++++++++++++++++++++++++++++++++++++-
PVE/QemuServer.pm | 30 ++++++++++++++++++++++++++++--
4 files changed, 67 insertions(+), 15 deletions(-)
diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 2c86487..29e7647 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -1381,18 +1381,8 @@ __PACKAGE__->register_method({
$proxy = $host;
}
- # read x509 subject
my $filename = "/etc/pve/local/pve-ssl.pem";
- my $bio = Net::SSLeay::BIO_new_file($filename, 'r');
- my $x509 = Net::SSLeay::PEM_read_bio_X509($bio);
- Net::SSLeay::BIO_free($bio);
- my $nameobj = Net::SSLeay::X509_get_subject_name($x509);
- my $subject = Net::SSLeay::X509_NAME_oneline($nameobj);
- Net::SSLeay::X509_free($x509);
-
- # remote-viewer wants comma as seperator (not '/')
- $subject =~ s!^/!!;
- $subject =~ s!/(\w+=)!,$1!g;
+ my $subject = PVE::QemuServer::read_x509_subject_spice($filename);
my $cacert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192);
$cacert =~ s/\n/\\n/g;
diff --git a/PVE/QMPClient.pm b/PVE/QMPClient.pm
index 4305cd6..dd64796 100755
--- a/PVE/QMPClient.pm
+++ b/PVE/QMPClient.pm
@@ -87,7 +87,8 @@ sub cmd {
$cmd->{execute} eq 'backup-cancel' ||
$cmd->{execute} eq 'query-savevm' ||
$cmd->{execute} eq 'delete-drive-snapshot' ||
- $cmd->{execute} eq 'snapshot-drive' ) {
+ $cmd->{execute} eq 'client_migrate_info' ||
+ $cmd->{execute} eq 'snapshot-drive') {
$timeout = 10*60; # 10 mins ?
} else {
$timeout = 3; # default
diff --git a/PVE/QemuMigrate.pm b/PVE/QemuMigrate.pm
index dd48f78..29070f6 100644
--- a/PVE/QemuMigrate.pm
+++ b/PVE/QemuMigrate.pm
@@ -11,6 +11,7 @@ use PVE::Cluster;
use PVE::Storage;
use PVE::QemuServer;
use Time::HiRes qw( usleep );
+use PVE::RPCEnvironment;
use base qw(PVE::AbstractMigrate);
@@ -307,7 +308,7 @@ sub phase2 {
$self->log('info', "starting VM $vmid on remote node '$self->{node}'");
my $rport;
-
+ my $spice_port;
my $nodename = PVE::INotify::nodename();
## start on remote node
@@ -323,6 +324,8 @@ sub phase2 {
if ($line =~ m/^migration listens on port (\d+)$/) {
$rport = $1;
+ }elsif ($line =~ m/^spice listens on port (\d+)$/) {
+ $spice_port = $1;
}
}, errfunc => sub {
my $line = shift;
@@ -380,6 +383,25 @@ sub phase2 {
PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate-set-cache-size", value => $cachesize);
};
+ if($conf->{vga} eq 'qxl'){
+ my $rpcenv = PVE::RPCEnvironment::get();
+ my $authuser = $rpcenv->get_user();
+
+ my ($ticket, $proxyticket) = PVE::AccessControl::assemble_spice_ticket($authuser, $vmid, $self->{node});
+
+ my $filename = "/etc/pve/nodes/".$self->{node}."/pve-ssl.pem";
+ my $subject = PVE::QemuServer::read_x509_subject_spice($filename);
+
+ $self->log('info', "spice client_migrate_info");
+ PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => 'spice', password => 'toto');
+
+ eval {
+ PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "client_migrate_info", protocol => 'spice', hostname => $proxyticket, 'tls-port' => int($spice_port), 'cert-subject' => $subject);
+ };
+ $self->log('info', "client_migrate_info error: $@") if $@;
+
+ }
+
eval {
PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate", uri => "tcp:localhost:$lport");
};
@@ -418,6 +440,19 @@ sub phase2 {
my $mbps = sprintf "%.2f", $conf->{memory}/$delay;
my $downtime = $stat->{downtime} || 0;
$self->log('info', "migration speed: $mbps MB/s - downtime $downtime ms");
+
+ my $timer = 0;
+ if($conf->{vga} eq 'qxl'){
+ $self->log('info', "Waiting for spice server migration");
+ while (1) {
+ my $res = PVE::QemuServer::vm_mon_cmd_nocheck($vmid, 'query-spice');
+ last if int($res->{'migrated'}) == 1;
+ last if $timer > 10;
+ $timer ++;
+ sleep 1;
+ }
+ }
+
}
}
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index fc1f9cc..46c6913 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -2464,7 +2464,7 @@ sub config_to_command {
my $port = PVE::Tools::next_unused_port(61000, 61099);
- push @$cmd, '-spice', "tls-port=$port,addr=127.0.0.1,$x509,tls-ciphers=DES-CBC3-SHA";
+ push @$cmd, '-spice', "tls-port=$port,addr=127.0.0.1,$x509,tls-ciphers=DES-CBC3-SHA,seamless-migration=on";
push @$cmd, '-device', "virtio-serial,id=spice$pciaddr";
@@ -2598,7 +2598,7 @@ sub vnc_socket {
sub spice_port {
my ($vmid) = @_;
- my $res = vm_mon_cmd($vmid, 'query-spice');
+ my $res = vm_mon_cmd_nocheck($vmid, 'query-spice');
return $res->{'tls-port'} || $res->{'port'} || die "no spice port\n";
}
@@ -3095,6 +3095,15 @@ sub vm_start {
$capabilities->{capability} = "xbzrle";
$capabilities->{state} = JSON::true;
eval { vm_mon_cmd_nocheck($vmid, "migrate-set-capabilities", capabilities => [$capabilities]); };
+ if($conf->{vga} eq 'qxl'){
+ my $spice_port = PVE::QemuServer::spice_port($vmid);
+ print "spice listens on port $spice_port\n" if $spice_port;
+ #fixme : we need to send previous spiceticket to target
+ my $oldticket = '';
+ PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "set_password", protocol => 'spice', password => $oldticket);
+ PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "expire_password", protocol => 'spice', time => "+5");
+ }
+
}
else{
@@ -4856,4 +4865,21 @@ sub get_current_qemu_machine {
return $current || $default || 'pc';
}
+sub read_x509_subject_spice {
+ my ($filename) = @_;
+
+ # read x509 subject
+ my $bio = Net::SSLeay::BIO_new_file($filename, 'r');
+ my $x509 = Net::SSLeay::PEM_read_bio_X509($bio);
+ Net::SSLeay::BIO_free($bio);
+ my $nameobj = Net::SSLeay::X509_get_subject_name($x509);
+ my $subject = Net::SSLeay::X509_NAME_oneline($nameobj);
+ Net::SSLeay::X509_free($x509);
+
+ # remote-viewer wants comma as seperator (not '/')
+ $subject =~ s!^/!!;
+ $subject =~ s!/(\w+=)!,$1!g;
+
+ return $subject;
+}
1;
--
1.7.10.4
More information about the pve-devel
mailing list