[pve-devel] Allow dedicated migration network (bug #1177)

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Oct 27 17:00:09 CEST 2016


This series add the abillity to set a dedicated migration network, without
the need to set all the IPs from all nodes on this network.

It touches common, cluster, qemu-server and container so quite a bit.

The general idea is from the mailing list discussion (I have no link
available as in our archives only the initial post is available (the
archives looks a bit broken in general?)) no the discussion itself.
The initial post was:
http://pve.proxmox.com/pipermail/pve-user/2016-October/011180.html

Anyway, the idea is adding a migrate property to the datacenter config with
the format:
migrate: type=<ssh | insecure>,network=<CIDR>

(the 'tls' type may be added in the future)

Further this information can now also be given to the qm migrate call, can
be helpful if the migration network is dead and a VM has to migrated now.

The migration procedure now looks like this (simplified):

1) migrate gets triggered
2) check if the VM/CT is eligible for migration (no local device use, ...)
3) check if the target node is accessible through ssh public key
   authentication
4) check if a dedicated migration network is set, either through datacenter
   config or directly through a parameter passed to the migrate API call
5) ask the target node via the pvecm mtunnel command if it has an IP on the
   dedicated network, if yes use this as remote node ip and recheck if we
   can connect with ssh
6) start the vm on the target side so that it waits for an incoming
   migration, ensure here that both source have the network used for the
   migration in sync
7) depending on the migration type start a mtunnel via ssh to the target
   node or connect directly (unencrypted) to it.
8) do the migration

This all can be seen as RFC, but if the general idea is ok it would be
perfect if some patches could be already applied, not that I have to resend
all patches from all packages again every time :)

-- Thomas






More information about the pve-devel mailing list