[pve-devel] [PATCH] qemu-server: add support for unsecure migration (setting in datacenter.cfg)
Stefan Priebe - Profihost AG
s.priebe at profihost.ag
Fri Jul 26 10:11:56 CEST 2013
Am 26.07.2013 09:56, schrieb Dietmar Maurer:
>> diff --git a/PVE/QemuMigrate.pm b/PVE/QemuMigrate.pm
>> index dd48f78..be7df23 100644
>> --- a/PVE/QemuMigrate.pm
>> +++ b/PVE/QemuMigrate.pm
>> @@ -306,8 +306,8 @@ sub phase2 {
>>
>> $self->log('info', "starting VM $vmid on remote node '$self->{node}'");
>>
>> + my $raddr;
>> my $rport;
>> -
>> my $nodename = PVE::INotify::nodename();
>>
>> ## start on remote node
>> @@ -320,27 +320,28 @@ sub phase2 {
>>
>> PVE::Tools::run_command($cmd, outfunc => sub {
>> my $line = shift;
>> -
>> - if ($line =~ m/^migration listens on port (\d+)$/) {
>> - $rport = $1;
>> + if ($line =~ m/^migration listens on tcp:([\d\.]+|localhost):(\d+)$/) {
>> + $raddr = $1;
>> + $rport = $2;
>
> please can you allow both formats?
Will do.
>> }
>> }, errfunc => sub {
>> my $line = shift;
>> $self->log('info', $line);
>> });
>>
>> - die "unable to detect remote migration port\n" if !$rport;
>> -
>> - $self->log('info', "starting migration tunnel");
>> + die "unable to detect remote migration address\n" if !$raddr;
>>
>> - ## create tunnel to remote port
>> - my $lport = PVE::Tools::next_migrate_port();
>> - $self->{tunnel} = $self->fork_tunnel($self->{nodeip}, $lport, $rport);
>
> I would prefer to always start "qm mtunnel" on the other side, because it
> does some additional checks (quorum - maybe other tests in future),
OK
> (just remove ssh parameters '-L', "$lport:localhost:$rport" if !$rport in fork_tunnel)
That makes no sense to me as $rport is always set. Or do you mean if
$raddr ne "localhost"?
>> + if ($raddr eq "localhost") {
>> + $self->log('info', "starting ssh migration tunnel");
>>
>> - $self->log('info', "starting online/live migration on port $lport");
>> - # start migration
>> + ## create tunnel to remote port
>> + my $lport = PVE::Tools::next_migrate_port();
>> + $self->{tunnel} = $self->fork_tunnel($self->{nodeip}, $lport, $rport);
>> + }
>>
>> my $start = time();
>> + $self->log('info', "starting online/live migration on $raddr:$rport");
>> + $self->{livemigration} = 1;
>
> no need to change if we start the tunnel anyways?
Most probably but maybe still nicer than relying on tunnel variable?
>>
>> # load_defaults
>> my $defaults = PVE::QemuServer::load_defaults();
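Review bot: In the tunnelled case the migration no longer goes through the SSH forward, because `$lport` is now scoped to the `if ($raddr eq "localhost")` block while the log line here and the `migrate` call in the `@@ -381,9 +382,10 @@` hunk both use `tcp:$raddr:$rport`. With `$raddr` equal to `localhost`, the source QEMU connects to the source node's own port `$rport`, whereas `fork_tunnel` listens on `$lport`. The two only coincide if both nodes happen to hand out the same port; otherwise the connection fails or the guest memory stream reaches an unrelated local listener. Keep a separate target port: `my $mport = $rport;` before the `if`, `$mport = $lport;` after `fork_tunnel(...)`, and `"tcp:$raddr:$mport"` in the log line and the migrate URI. phase2 starts and ends outside this hunk.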
>> @@ -381,9 +382,10 @@ sub phase2 {
>> };
>>
>> eval {
>> - PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate", uri =>
>> "tcp:localhost:$lport");
>> + PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate", uri =>
>> "tcp:$raddr:$rport");
>> };
>> my $merr = $@;
>> + $self->log('info', "migrate uri => tcp:$raddr:$rport failed: $merr") if $merr;
>>
>> my $lstat = 0;
>> my $usleep = 2000000;
>> @@ -535,8 +537,8 @@ sub phase3_cleanup {
>> die "Failed to move config to node '$self->{node}' - rename failed: $!\n"
>> if !rename($conffile, $newconffile);
>>
>> - # now that config file is move, we can resume vm on target if livemigrate
>> - if ($self->{tunnel}) {
>> + if ($self->{livemigration}) {
>> + # now that config file is move, we can resume vm on target if
>> livemigrate
>> my $cmd = [@{$self->{rem_ssh}}, 'qm', 'resume', $vmid, '--skiplock'];
>> eval{ PVE::Tools::run_command($cmd, outfunc => sub {},
>> errfunc => sub {
>> diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
>> index 94d63fe..edb6ce4 100644
>> --- a/PVE/QemuServer.pm
>> +++ b/PVE/QemuServer.pm
>> @@ -3059,11 +3059,17 @@ sub vm_start {
>> my ($cmd, $vollist) = config_to_command($storecfg, $vmid, $conf,
>> $defaults, $forcemachine);
>>
>> my $migrate_port = 0;
>> -
>> + my $migrate_uri;
>> if ($statefile) {
>> if ($statefile eq 'tcp') {
>> + my $localip = "localhost";
>> + my $datacenterconf =
>> PVE::Cluster::cfs_read_file('datacenter.cfg');
>> + if ($datacenterconf->{migration_unsecure}) {
>> + my $nodename = PVE::INotify::nodename();
>> + $localip =
>> PVE::Cluster::remote_node_ip($nodename, 1);
>> + }
>> $migrate_port = PVE::Tools::next_migrate_port();
>> - my $migrate_uri = "tcp:localhost:${migrate_port}";
>> + $migrate_uri = "tcp:${localip}:${migrate_port}";
>> push @$cmd, '-incoming', $migrate_uri;
>> push @$cmd, '-S';
>> } else {
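Review bot: `$localip` goes into `$migrate_uri` without a check that `PVE::Cluster::remote_node_ip($nodename, 1)` returned an address. The second argument looks like a no-error flag (its definition is not on this page); if so, an undefined result yields `tcp::${migrate_port}`, which QEMU, as far as I know, treats as listening on every address. Add `die "unable to get local IP address for migration\n" if !$localip;` inside the `migration_unsecure` branch. A comment there should also say that the listener takes a plain TCP connection with no authentication or encryption, for instance `# migration_unsecure: guest RAM is sent in clear text; restrict this port to a trusted migration network`. vm_start continues outside the hunk.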
>> @@ -3091,7 +3097,7 @@ sub vm_start {
>> my $err = $@;
>> die "start failed: $err" if $err;
>>
>> - print "migration listens on port $migrate_port\n" if $migrate_port;
>> + print "migration listens on $migrate_uri\n" if $migrate_uri;
>>
>> if ($statefile && $statefile ne 'tcp') {
>> eval { vm_mon_cmd_nocheck($vmid, "cont"); };
>> --
>> 1.7.10.4
>>
>> _______________________________________________
>> pve-devel mailing list
>> pve-devel at pve.proxmox.com
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>