[pve-devel] [PATCH] qemu-server: add support for unsecure migration (setting in datacenter.cfg)

Dietmar Maurer dietmar at proxmox.com
Fri Jul 26 09:56:55 CEST 2013 

> diff --git a/PVE/QemuMigrate.pm b/PVE/QemuMigrate.pm
> index dd48f78..be7df23 100644
> --- a/PVE/QemuMigrate.pm
> +++ b/PVE/QemuMigrate.pm
> @@ -306,8 +306,8 @@ sub phase2 {
> 
>      $self->log('info', "starting VM $vmid on remote node '$self->{node}'");
> 
> +    my $raddr;
>      my $rport;
> -
>      my $nodename = PVE::INotify::nodename();
> 
>      ## start on remote node
> @@ -320,27 +320,28 @@ sub phase2 {
> 
>      PVE::Tools::run_command($cmd, outfunc => sub {
>  	my $line = shift;
> -
> -	if ($line =~ m/^migration listens on port (\d+)$/) {
> -	    $rport = $1;
> +	if ($line =~ m/^migration listens on tcp:([\d\.]+|localhost):(\d+)$/) {
> +	    $raddr = $1;
> +	    $rport = $2;

please can you allow both formats?

>  	}
>      }, errfunc => sub {
>  	my $line = shift;
>  	$self->log('info', $line);
>      });
> 
> -    die "unable to detect remote migration port\n" if !$rport;
> -
> -    $self->log('info', "starting migration tunnel");
> +    die "unable to detect remote migration address\n" if !$raddr;
> 
> -    ## create tunnel to remote port
> -    my $lport = PVE::Tools::next_migrate_port();
> -    $self->{tunnel} = $self->fork_tunnel($self->{nodeip}, $lport, $rport);

I would prefer to always start "qm mtunnel" on the other side, because it
does some additional checks (quorum - maybe other tests in future),

(just remove ssh parameters '-L', "$lport:localhost:$rport" if !$rport in fork_tunnel)

> +    if ($raddr eq "localhost") {
> +        $self->log('info', "starting ssh migration tunnel");
> 
> -    $self->log('info', "starting online/live migration on port $lport");
> -    # start migration
> +        ## create tunnel to remote port
> +        my $lport = PVE::Tools::next_migrate_port();
> +        $self->{tunnel} = $self->fork_tunnel($self->{nodeip}, $lport, $rport);
> +    }
> 
>      my $start = time();
> +    $self->log('info', "starting online/live migration on $raddr:$rport");
> +    $self->{livemigration} = 1;

no need to change if we start the tunnel anyways?

> 
>      # load_defaults
>      my $defaults = PVE::QemuServer::load_defaults();
> @@ -381,9 +382,10 @@ sub phase2 {
>      };
> 
>      eval {
> -        PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate", uri =>
> "tcp:localhost:$lport");
> +        PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate", uri =>
> "tcp:$raddr:$rport");
>      };
>      my $merr = $@;
> +    $self->log('info', "migrate uri => tcp:$raddr:$rport failed: $merr") if $merr;
> 
>      my $lstat = 0;
>      my $usleep = 2000000;
> @@ -535,8 +537,8 @@ sub phase3_cleanup {
>      die "Failed to move config to node '$self->{node}' - rename failed: $!\n"
>          if !rename($conffile, $newconffile);
> 
> -    # now that config file is move, we can resume vm on target if livemigrate
> -    if ($self->{tunnel}) {
> +    if ($self->{livemigration}) {
> +	# now that config file is move, we can resume vm on target if
> livemigrate
>  	my $cmd = [@{$self->{rem_ssh}}, 'qm', 'resume', $vmid, '--skiplock'];
>  	eval{ PVE::Tools::run_command($cmd, outfunc => sub {},
>  		errfunc => sub {
> diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
> index 94d63fe..edb6ce4 100644
> --- a/PVE/QemuServer.pm
> +++ b/PVE/QemuServer.pm
> @@ -3059,11 +3059,17 @@ sub vm_start {
>  	my ($cmd, $vollist) = config_to_command($storecfg, $vmid, $conf,
> $defaults, $forcemachine);
> 
>  	my $migrate_port = 0;
> -
> +	my $migrate_uri;
>  	if ($statefile) {
>  	    if ($statefile eq 'tcp') {
> +		my $localip = "localhost";
> +		my $datacenterconf =
> PVE::Cluster::cfs_read_file('datacenter.cfg');
> +		if ($datacenterconf->{migration_unsecure}) {
> +			my $nodename = PVE::INotify::nodename();
> +			$localip =
> PVE::Cluster::remote_node_ip($nodename, 1);
> +		}
>  		$migrate_port = PVE::Tools::next_migrate_port();
> -		my $migrate_uri = "tcp:localhost:${migrate_port}";
> +		$migrate_uri = "tcp:${localip}:${migrate_port}";
>  		push @$cmd, '-incoming', $migrate_uri;
>  		push @$cmd, '-S';
>  	    } else {
> @@ -3091,7 +3097,7 @@ sub vm_start {
>  	my $err = $@;
>  	die "start failed: $err" if $err;
> 
> -	print "migration listens on port $migrate_port\n" if $migrate_port;
> +	print "migration listens on $migrate_uri\n" if $migrate_uri;
> 
>  	if ($statefile && $statefile ne 'tcp')  {
>  	    eval { vm_mon_cmd_nocheck($vmid, "cont"); };
> --
> 1.7.10.4
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

More information about the pve-devel mailing list