[pve-devel] RFC V2 Storage Replica
Alexandre DERUMIER
aderumier at odiso.com
Fri Apr 21 09:41:33 CEST 2017
>>but at least, we need a tunneling like socat for zfs or rbd.
I didn't known, but socat support encryption with openssl natively.
I have foudn a benchmark on percona xtradbcluster, which use tunnel to resync mysql galera cluster.
https://www.percona.com/blog/2017/03/30/performance-evaluation-of-sst-data-transfer-with-encryption-part-2/
----- Mail original -----
De: "aderumier" <aderumier at odiso.com>
À: "dietmar" <dietmar at proxmox.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Vendredi 21 Avril 2017 09:28:31
Objet: Re: [pve-devel] RFC V2 Storage Replica
>>Something like that. But login/password is maybe not enough, because we also
>>need ssh connection. Or can we make it work without ssh?
for api call, it's ok through https
For disk replication , I think that ssh have too much penality for performance. But maybe user want it as option
if the remote cluster is in a remote location/cloud on internet. (or other kind of encryption)
but at least, we need a tunneling like socat for zfs or rbd.
qemu mirroring|backup can work directly to nbd (and tls encryption is available in qemu 2.9)
>>If so, we need to add at least a fingerprint to identify the remote host?
yes !
----- Mail original -----
De: "dietmar" <dietmar at proxmox.com>
À: "aderumier" <aderumier at odiso.com>, "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Vendredi 21 Avril 2017 08:34:35
Objet: Re: [pve-devel] RFC V2 Storage Replica
> On April 21, 2017 at 8:04 AM Alexandre DERUMIER <aderumier at odiso.com> wrote:
>
>
> >>ip=could be an ip of the cluster.
> >>(But I think we need to connect first to this ip, and find where the vm is
> >>located (in case of vm is moving), and reconnect to the vm node.
> >>Don't known how to manage this first ip connect ? (do we allow to define
> >>multiple ips if 1 host is down?)
>
> Maybe define
>
> >>replication-source: clusterid=mysourceclusterid,sourcevmid=123
>
>
> the define cluster in
>
> /etc/pve/remoteclusters.cfg
>
> mysourceclusterid : ip : x.X.X.X, x.X.X.X, x.X.X.X
> login : xxxx
> password: xxxx
>
Something like that. But login/password is maybe not enough, because we also
need ssh connection. Or can we make it work without ssh? If so, we need
to add at least a fingerprint to identify the remote host?
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list