[pve-devel] Allow dedicated migration network (bug #1177)

Alexandre DERUMIER aderumier at odiso.com
Fri Oct 28 11:17:00 CEST 2016


>>Next would be storage migration without ssh for secure networks and then 
>>a look at tls with qemu :)

I'll try to look at tls in 2 week (will be on holiday next week)


----- Mail original -----
De: "Thomas Lamprecht" <t.lamprecht at proxmox.com>
À: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Vendredi 28 Octobre 2016 09:17:40
Objet: Re: [pve-devel] Allow dedicated migration network (bug #1177)

On 10/28/2016 08:44 AM, Alexandre DERUMIER wrote: 
>>> Note that it's also possible to use nbd server (without qemu) for offline migration, and it's 
>>> possible to use tls too. (I don't have yet added patches for the live storage migration, but it's possible too). 
> See this blog about qemu live migration && nbd support for tls 
> 
> https://www.berrange.com/posts/2016/04/05/improving-qemu-security-part-5-tls-support-for-nbd-server-client/ 
> 
> I don't have benchmarked it, but I think it should be faster than ssh 

Ok, thanks for the link. 

I wanted to look at tls migration too, but this series was more 
important to me now. 

Next would be storage migration without ssh for secure networks and then 
a look at tls with qemu :) 



> 
> ----- Mail original ----- 
> De: "aderumier" <aderumier at odiso.com> 
> À: "pve-devel" <pve-devel at pve.proxmox.com> 
> Envoyé: Vendredi 28 Octobre 2016 08:40:21 
> Objet: Re: [pve-devel] Allow dedicated migration network (bug #1177) 
> 
>>> a) this does also the storage migration over the network, but storage 
>>> migration is currently 
>>> always with ssh (+ rsync) there are plans to use a dd + netcat (+ 
>>> maybe also compression in between) 
>>> combination if the migration type is insecure, to speed things up. 
> Note that it's also possible to use nbd server (without qemu) for offline migration, and it's 
> possible to use tls too. (I don't have yet added patches for the live storage migration, but it's possible too). 
> 
> The only thing missing from nbd is sparse support, but it's comming for qemu 2.8. 
> 
> 
>>> b) some patches of this series conflicts quite a bit with Alexandres 
>>> live storage migration series, 
>>> so I can rebase those if his code gets merged, should be mainly the 
>>> patches in qemu-server :) 
> Feel free to apply your patches, I can rebase my patches later as it's not yet finished. 
> 
> 
> 
> ----- Mail original ----- 
> De: "Thomas Lamprecht" <t.lamprecht at proxmox.com> 
> À: "pve-devel" <pve-devel at pve.proxmox.com> 
> Envoyé: Jeudi 27 Octobre 2016 17:24:18 
> Objet: Re: [pve-devel] Allow dedicated migration network (bug #1177) 
> 
> Two notes I possible forgot: 
> 
> a) this does also the storage migration over the network, but storage 
> migration is currently 
> always with ssh (+ rsync) there are plans to use a dd + netcat (+ 
> maybe also compression in between) 
> combination if the migration type is insecure, to speed things up. 
> 
> b) some patches of this series conflicts quite a bit with Alexandres 
> live storage migration series, 
> so I can rebase those if his code gets merged, should be mainly the 
> patches in qemu-server :) 
> 
> -- Thomas 
> 
> 
> _______________________________________________ 
> pve-devel mailing list 
> pve-devel at pve.proxmox.com 
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
> 
> _______________________________________________ 
> pve-devel mailing list 
> pve-devel at pve.proxmox.com 
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 


_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 




More information about the pve-devel mailing list