[pve-devel] RFC V2 Storage Replica

Alexandre DERUMIER aderumier at odiso.com
Fri Apr 21 09:41:33 CEST 2017 

>>but at least, we need a tunneling like socat for zfs or rbd. 

I didn't known, but socat support encryption with openssl natively.

I have foudn a benchmark on percona xtradbcluster, which use tunnel to resync mysql galera cluster.

https://www.percona.com/blog/2017/03/30/performance-evaluation-of-sst-data-transfer-with-encryption-part-2/


----- Mail original -----
De: "aderumier" <aderumier at odiso.com>
À: "dietmar" <dietmar at proxmox.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Vendredi 21 Avril 2017 09:28:31
Objet: Re: [pve-devel] RFC V2 Storage Replica

>>Something like that. But login/password is maybe not enough, because we also 
>>need ssh connection. Or can we make it work without ssh? 

for api call, it's ok through https 

For disk replication , I think that ssh have too much penality for performance. But maybe user want it as option 
if the remote cluster is in a remote location/cloud on internet. (or other kind of encryption) 

but at least, we need a tunneling like socat for zfs or rbd. 
qemu mirroring|backup can work directly to nbd (and tls encryption is available in qemu 2.9) 


>>If so, we need to add at least a fingerprint to identify the remote host? 
yes ! 



----- Mail original ----- 
De: "dietmar" <dietmar at proxmox.com> 
À: "aderumier" <aderumier at odiso.com>, "pve-devel" <pve-devel at pve.proxmox.com> 
Envoyé: Vendredi 21 Avril 2017 08:34:35 
Objet: Re: [pve-devel] RFC V2 Storage Replica 

> On April 21, 2017 at 8:04 AM Alexandre DERUMIER <aderumier at odiso.com> wrote: 
> 
> 
> >>ip=could be an ip of the cluster. 
> >>(But I think we need to connect first to this ip, and find where the vm is 
> >>located (in case of vm is moving), and reconnect to the vm node. 
> >>Don't known how to manage this first ip connect ? (do we allow to define 
> >>multiple ips if 1 host is down?) 
> 
> Maybe define 
> 
> >>replication-source: clusterid=mysourceclusterid,sourcevmid=123 
> 
> 
> the define cluster in 
> 
> /etc/pve/remoteclusters.cfg 
> 
> mysourceclusterid : ip : x.X.X.X, x.X.X.X, x.X.X.X 
> login : xxxx 
> password: xxxx 
> 

Something like that. But login/password is maybe not enough, because we also 
need ssh connection. Or can we make it work without ssh? If so, we need 
to add at least a fingerprint to identify the remote host? 

_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

More information about the pve-devel mailing list