[pve-devel] [PATCH] spice migration

Alexandre Derumier aderumier at odiso.com
Tue Jul 23 10:33:09 CEST 2013


Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
 PVE/API2/Qemu.pm   |   21 +++++++++------------
 PVE/QMPClient.pm   |    3 ++-
 PVE/QemuMigrate.pm |   41 ++++++++++++++++++++++++++++++++++++++++-
 PVE/QemuServer.pm  |   32 +++++++++++++++++++++++++++++---
 4 files changed, 80 insertions(+), 17 deletions(-)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 2c86487..0ec548a 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -1381,18 +1381,8 @@ __PACKAGE__->register_method({
 	    $proxy = $host;
 	}
 
-	# read x509 subject
 	my $filename = "/etc/pve/local/pve-ssl.pem";
-	my $bio = Net::SSLeay::BIO_new_file($filename, 'r');
-	my $x509 = Net::SSLeay::PEM_read_bio_X509($bio);
-	Net::SSLeay::BIO_free($bio);
-	my $nameobj =  Net::SSLeay::X509_get_subject_name($x509);
-	my $subject = Net::SSLeay::X509_NAME_oneline($nameobj);
-	Net::SSLeay::X509_free($x509);
-
-	# remote-viewer wants comma as seperator (not '/')
-	$subject =~ s!^/!!;
-	$subject =~ s!/(\w+=)!,$1!g;
+	my $subject = PVE::QemuServer::read_x509_subject_spice($filename);
 
 	my $cacert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192);
 	$cacert =~ s/\n/\\n/g;
@@ -1515,6 +1505,11 @@ __PACKAGE__->register_method({
 	    skiplock => get_standard_option('skiplock'),
 	    stateuri => get_standard_option('pve-qm-stateuri'),
 	    migratedfrom => get_standard_option('pve-node',{ optional => 1 }),
+	    spiceticket => {
+		description => "spiceticket from migration",
+		type => 'string',
+		optional => 1
+	    },
 	    machine => get_standard_option('pve-qm-machine'),
 	},
     },
@@ -1534,6 +1529,8 @@ __PACKAGE__->register_method({
 
 	my $machine = extract_param($param, 'machine');
 
+	my $spiceticket = extract_param($param, 'spiceticket');
+
 	my $stateuri = extract_param($param, 'stateuri');
 	raise_param_exc({ stateuri => "Only root may use this option." })
 	    if $stateuri && $authuser ne 'root at pam';
@@ -1574,7 +1571,7 @@ __PACKAGE__->register_method({
 
 		syslog('info', "start VM $vmid: $upid\n");
 
-		PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef, $machine);
+		PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef, $machine, $spiceticket);
 
 		return;
 	    };
diff --git a/PVE/QMPClient.pm b/PVE/QMPClient.pm
index 4305cd6..dd64796 100755
--- a/PVE/QMPClient.pm
+++ b/PVE/QMPClient.pm
@@ -87,7 +87,8 @@ sub cmd {
 		 $cmd->{execute} eq 'backup-cancel' ||
 		 $cmd->{execute} eq 'query-savevm' ||
 		 $cmd->{execute} eq 'delete-drive-snapshot' ||
-		 $cmd->{execute} eq 'snapshot-drive'  ) {
+		 $cmd->{execute} eq 'client_migrate_info' ||
+		 $cmd->{execute} eq 'snapshot-drive') {
 	    $timeout = 10*60; # 10 mins ?
 	} else {
 	    $timeout = 3; # default
diff --git a/PVE/QemuMigrate.pm b/PVE/QemuMigrate.pm
index dd48f78..8a14891 100644
--- a/PVE/QemuMigrate.pm
+++ b/PVE/QemuMigrate.pm
@@ -11,6 +11,7 @@ use PVE::Cluster;
 use PVE::Storage;
 use PVE::QemuServer;
 use Time::HiRes qw( usleep );
+use PVE::RPCEnvironment;
 
 use base qw(PVE::AbstractMigrate);
 
@@ -307,13 +308,18 @@ sub phase2 {
     $self->log('info', "starting VM $vmid on remote node '$self->{node}'");
 
     my $rport;
-
+    my $spice_port;
     my $nodename = PVE::INotify::nodename();
 
     ## start on remote node
     my $cmd = [@{$self->{rem_ssh}}, 'qm', 'start',
                $vmid, '--stateuri', 'tcp', '--skiplock', '--migratedfrom', $nodename];
 
+    if($conf->{vga} eq 'qxl'){
+	my $res = PVE::QemuServer::vm_mon_cmd($vmid, 'query-spice');
+	push @$cmd, '--spiceticket', $res->{ticket} if $res->{ticket};
+    }
+
     if ($self->{forcemachine}) {
 	push @$cmd, '--machine', $self->{forcemachine};
     }
@@ -323,6 +329,8 @@ sub phase2 {
 
 	if ($line =~ m/^migration listens on port (\d+)$/) {
 	    $rport = $1;
+	}elsif ($line =~ m/^spice listens on port (\d+)$/) {
+	    $spice_port = $1;
 	}
     }, errfunc => sub {
 	my $line = shift;
@@ -380,6 +388,24 @@ sub phase2 {
 	PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate-set-cache-size", value => $cachesize);
     };
 
+    if($conf->{vga} eq 'qxl'){
+	my $rpcenv = PVE::RPCEnvironment::get();
+	my $authuser = $rpcenv->get_user();
+
+	my ($ticket, $proxyticket) = PVE::AccessControl::assemble_spice_ticket($authuser, $vmid, $self->{node});
+
+	my $filename = "/etc/pve/nodes/".$self->{node}."/pve-ssl.pem";
+        my $subject = PVE::QemuServer::read_x509_subject_spice($filename);
+
+	$self->log('info', "spice client_migrate_info");
+
+	eval {
+	    PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "client_migrate_info", protocol => 'spice', hostname => $proxyticket, 'tls-port' => int($spice_port), 'cert-subject' => $subject);
+	};
+	$self->log('info', "client_migrate_info error: $@") if $@;
+
+    }
+
     eval {
         PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate", uri => "tcp:localhost:$lport");
     };
@@ -418,6 +444,7 @@ sub phase2 {
 		    my $mbps = sprintf "%.2f", $conf->{memory}/$delay;
 		    my $downtime = $stat->{downtime} || 0;
 		    $self->log('info', "migration speed: $mbps MB/s - downtime $downtime ms");
+
 		}
 	    }
 
@@ -550,6 +577,18 @@ sub phase3_cleanup {
 	}
     }
 
+    my $timer = 0;
+    if($conf->{vga} eq 'qxl'){
+        $self->log('info', "Waiting for spice server migration");
+	while (1) {
+	    my $res = PVE::QemuServer::vm_mon_cmd_nocheck($vmid, 'query-spice');
+	    last if int($res->{'migrated'}) == 1;
+	    last if $timer > 50;
+	    $timer ++;
+	    usleep(200000);
+        }
+    }
+
     # always stop local VM
     eval { PVE::QemuServer::vm_stop($self->{storecfg}, $vmid, 1, 1); };
     if (my $err = $@) {
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index fc1f9cc..79d5d58 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -2464,7 +2464,7 @@ sub config_to_command {
 	
 	my $port = PVE::Tools::next_unused_port(61000, 61099);
 
-	push @$cmd, '-spice', "tls-port=$port,addr=127.0.0.1,$x509,tls-ciphers=DES-CBC3-SHA";
+	push @$cmd, '-spice', "tls-port=$port,addr=127.0.0.1,$x509,tls-ciphers=DES-CBC3-SHA,seamless-migration=on";
 
 
 	push @$cmd, '-device', "virtio-serial,id=spice$pciaddr";
@@ -2598,7 +2598,7 @@ sub vnc_socket {
 sub spice_port {
     my ($vmid) = @_;
 
-    my $res = vm_mon_cmd($vmid, 'query-spice');
+    my $res = vm_mon_cmd_nocheck($vmid, 'query-spice');
 
     return $res->{'tls-port'} || $res->{'port'} || die "no spice port\n";
 }
@@ -3032,7 +3032,7 @@ sub qga_unfreezefs {
 }
 
 sub vm_start {
-    my ($storecfg, $vmid, $statefile, $skiplock, $migratedfrom, $paused, $forcemachine) = @_;
+    my ($storecfg, $vmid, $statefile, $skiplock, $migratedfrom, $paused, $forcemachine, $spiceticket) = @_;
 
     lock_config($vmid, sub {
 	my $conf = load_config($vmid, $migratedfrom);
@@ -3095,6 +3095,15 @@ sub vm_start {
 	    $capabilities->{capability} =  "xbzrle";
 	    $capabilities->{state} = JSON::true;
 	    eval { vm_mon_cmd_nocheck($vmid, "migrate-set-capabilities", capabilities => [$capabilities]); };
+	    if($conf->{vga} eq 'qxl'){
+	        my $spice_port = PVE::QemuServer::spice_port($vmid);
+	        print "spice listens on port $spice_port\n" if $spice_port;
+		if($spiceticket){
+		    PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "set_password", protocol => 'spice', password => $spiceticket);
+		    PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "expire_password", protocol => 'spice', time => "+5");
+		}
+	    }
+
 	}
 	else{
 
@@ -4856,4 +4865,21 @@ sub get_current_qemu_machine {
     return $current || $default || 'pc';
 }
 
+sub read_x509_subject_spice {
+    my ($filename) = @_;
+
+    # read x509 subject
+    my $bio = Net::SSLeay::BIO_new_file($filename, 'r');
+    my $x509 = Net::SSLeay::PEM_read_bio_X509($bio);
+    Net::SSLeay::BIO_free($bio);
+    my $nameobj = Net::SSLeay::X509_get_subject_name($x509);
+    my $subject = Net::SSLeay::X509_NAME_oneline($nameobj);
+    Net::SSLeay::X509_free($x509);
+  
+    # remote-viewer wants comma as seperator (not '/')
+    $subject =~ s!^/!!;
+    $subject =~ s!/(\w+=)!,$1!g;
+
+    return $subject;
+}
 1;
-- 
1.7.10.4




More information about the pve-devel mailing list