[pve-devel] [PATCH qemu-server 0/4] add secure live migration with local disks
Mira Limbeck
m.limbeck at proxmox.com
Wed Mar 11 11:44:16 CET 2020
Currently NBD storage migration always uses unencrypted TCP. The
following 4 patches add support for unix sockets that are forwarded over
SSH.
For backwards compatibility this requires some kind of communication
from the source node to the target node, because the NBD server can only
be started with either a TCP socket or a Unix socket. This is done by
passing the line 'nbd_protocol_version: 1' to the target node via STDIN.
Patch 1 & 2 are for the target side and should be applied before patch
4. Patch 3 & 4 are for the source side and patch 3 is required for the
SSH tunnel to close by itself, otherwise it will be terminated after a
timeout of 30 seconds.
Mira Limbeck (4):
parse nbd_protocol_version if available
add NBD server unix socket support in vm_start
move finish_tunnel to after the VM is stopped
add unix socket support for NBD storage migration
PVE/API2/Qemu.pm | 10 +++++++++-
PVE/QemuMigrate.pm | 50 +++++++++++++++++++++++++++++++++-------------
PVE/QemuServer.pm | 19 ++++++++++++++----
3 files changed, 60 insertions(+), 19 deletions(-)
--
2.20.1
More information about the pve-devel
mailing list