[pve-devel] [PATCH qemu-server 0/4] add secure live migration with local disks

Mira Limbeck m.limbeck at proxmox.com
Wed Mar 11 11:44:16 CET 2020


Currently NBD storage migration always uses unencrypted TCP. The
following 4 patches add support for unix sockets that are forwarded over
SSH.
For backwards compatibility this requires some kind of communication
from the source node to the target node, because the NBD server can only
be started with either a TCP socket or a Unix socket. This is done by
passing the line 'nbd_protocol_version: 1' to the target node via STDIN.

Patch 1 & 2 are for the target side and should be applied before patch
4. Patch 3 & 4 are for the source side and patch 3 is required for the
SSH tunnel to close by itself, otherwise it will be terminated after a
timeout of 30 seconds.

Mira Limbeck (4):
  parse nbd_protocol_version if available
  add NBD server unix socket support in vm_start
  move finish_tunnel to after the VM is stopped
  add unix socket support for NBD storage migration

 PVE/API2/Qemu.pm   | 10 +++++++++-
 PVE/QemuMigrate.pm | 50 +++++++++++++++++++++++++++++++++-------------
 PVE/QemuServer.pm  | 19 ++++++++++++++----
 3 files changed, 60 insertions(+), 19 deletions(-)

-- 
2.20.1
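
The negotiation described in the cover letter, sketched as an added example; it is not code from this patch series or from qemu-server. The helper name, the socket path and the sample inputs are assumptions made for illustration, as is the rule that a missing version line selects the legacy TCP listener.

```perl
use strict;
use warnings;

# Hypothetical target-side helper (not qemu-server code): read what the source
# node sent on STDIN and decide which kind of NBD listener to start.
# Assumptions: no version line means an old source (legacy TCP listener);
# version 1 means a unix socket that the source forwards over SSH.
sub choose_nbd_listener {
    my ($fh, $vmid) = @_;

    my $version = 0;    # default when the line is absent
    while (defined(my $line = <$fh>)) {
        chomp $line;
        next if $line !~ m/^nbd_protocol_version:/;    # other lines: not ours
        # A garbled version line is an error, never a silent fall back to TCP.
        $line =~ m/^nbd_protocol_version: (\d+)$/
            or die "malformed nbd_protocol_version line\n";
        $version = $1;
    }

    return { type => 'tcp', ssh_forwarded => 0 } if $version == 0;
    # Constructed socket path, for illustration only.
    return { type => 'unix', ssh_forwarded => 1, path => "/run/example/$vmid.migrate" }
        if $version == 1;
    die "unsupported nbd_protocol_version $version\n";
}

# Constructed STDIN contents for four kinds of source node.
my %samples = (
    new_source => "nbd_protocol_version: 1\n",
    old_source => "",
    malformed  => "nbd_protocol_version: 1 tcp\n",
    future     => "nbd_protocol_version: 2\n",
);

for my $name (sort keys %samples) {
    open(my $fh, '<', \$samples{$name}) or die "open: $!";
    my $res = eval { choose_nbd_listener($fh, 100) };
    if (!$res) {
        chomp(my $err = $@);
        print "$name: rejected ($err)\n";
        next;
    }
    my $how = $res->{ssh_forwarded} ? 'forwarded over SSH' : 'plain TCP, unencrypted';
    print "$name: $res->{type} socket, $how\n";
}
```

Only an absent line selects the unencrypted listener in this sketch; a malformed or unknown version is refused, so a damaged handshake cannot quietly downgrade the migration to plain TCP.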




