[pve-devel] applied-series: [PATCH v2 qemu-server 0/4] fix secure live migration with local

Fabian Grünbichler f.gruenbichler at proxmox.com
Wed Mar 18 08:34:35 CET 2020 

with followup:

>From db1f8b39e173bcb19113b13bd712f1c2e18c0a9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler at proxmox.com>
Date: Wed, 18 Mar 2020 08:21:29 +0100
Subject: [PATCH qemu-server] drive_mirror: rename variables and values
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

and add some more details to comments.

Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
 PVE/API2/Qemu.pm   |  2 +-
 PVE/QemuMigrate.pm |  4 ++--
 PVE/QemuServer.pm  | 14 +++++++++-----
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index fa8315e..ef8a7c3 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -2947,7 +2947,7 @@ __PACKAGE__->register_method({
 		    foreach my $opt (keys %$drives) {
 			my $drive = $drives->{$opt};
 			my $skipcomplete = ($total_jobs != $i); # finish after last drive
-			my $completion = $skipcomplete ? 'skip' : 'wait';
+			my $completion = $skipcomplete ? 'skip' : 'complete';
 
 			my $src_sid = PVE::Storage::parse_volume_id($drive->{file});
 			my $storage_list = [ $src_sid ];
diff --git a/PVE/QemuMigrate.pm b/PVE/QemuMigrate.pm
index 50ebd77..3e5f093 100644
--- a/PVE/QemuMigrate.pm
+++ b/PVE/QemuMigrate.pm
@@ -999,8 +999,8 @@ sub phase3_cleanup {
     my $tunnel = $self->{tunnel};
 
     if ($self->{storage_migration}) {
-	# finish block-job
-	eval { PVE::QemuServer::qemu_drive_mirror_monitor($vmid, undef, $self->{storage_migration_jobs}, 'wait_noswap'); };
+	# finish block-job with block-job-cancel, to disconnect source VM from NBD
+	eval { PVE::QemuServer::qemu_drive_mirror_monitor($vmid, undef, $self->{storage_migration_jobs}, 'cancel'); };
 
 	if (my $err = $@) {
 	    eval { PVE::QemuServer::qemu_blockjobs_cancel($vmid, $self->{storage_migration_jobs}) };
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 2ef8bff..21fb1b1 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -6580,10 +6580,14 @@ sub qemu_drive_mirror {
     qemu_drive_mirror_monitor ($vmid, $vmiddst, $jobs, $completion, $qga);
 }
 
+# $completion can be either
+# 'complete': wait until all jobs are ready, block-job-complete them (default)
+# 'cancel': wait until all jobs are ready, block-job-cancel them
+# 'skip': wait until all jobs are ready, return with block jobs in ready state
 sub qemu_drive_mirror_monitor {
     my ($vmid, $vmiddst, $jobs, $completion, $qga) = @_;
 
-    $completion //= 'wait'; # same semantic as with 'skipcomplete' before
+    $completion //= 'complete';
 
     eval {
 	my $err_complete = 0;
@@ -6659,9 +6663,9 @@ sub qemu_drive_mirror_monitor {
 			print "$job: Completing block job...\n";
 
 			my $op;
-			if ($completion eq 'wait') {
+			if ($completion eq 'complete') {
 			    $op = 'block-job-complete';
-			} elsif ($completion eq 'wait_noswap') {
+			} elsif ($completion eq 'cancel') {
 			    $op = 'block-job-cancel';
 			} else {
 			    die "invalid completion value: $completion\n";
@@ -6722,7 +6726,7 @@ sub qemu_blockjobs_cancel {
 
 sub clone_disk {
     my ($storecfg, $vmid, $running, $drivename, $drive, $snapname,
-	$newvmid, $storage, $format, $full, $newvollist, $jobs, $skipcomplete, $qga, $bwlimit) = @_;
+	$newvmid, $storage, $format, $full, $newvollist, $jobs, $completion, $qga, $bwlimit) = @_;
 
     my $newvolid;
 
@@ -6767,7 +6771,7 @@ sub clone_disk {
 		    if $drive->{iothread};
 	    }
 
-	    qemu_drive_mirror($vmid, $drivename, $newvolid, $newvmid, $sparseinit, $jobs, $skipcomplete, $qga, $bwlimit);
+	    qemu_drive_mirror($vmid, $drivename, $newvolid, $newvmid, $sparseinit, $jobs, $completion, $qga, $bwlimit);
 	}
     }
 

On March 17, 2020 8:56 pm, Mira Limbeck wrote:
> Currently NBD storage migration always uses unencrypted TCP. The
> following 4 patches add support for unix sockets that are forwarded over
> SSH.
> For backwards compatibility this requires some kind of communication
> from the source node to the target node, because the NBD server can only
> be started with either a TCP socket or a Unix socket. This is done by
> passing the line 'nbd_protocol_version: 1' to the target node via STDIN.
> 
> Patch 1 makes some changes to qemu_drive_mirror_monitor and in return to
> qemu_drive_miror and clone_disk. This is necessary for compatibility
> with Qemu 4.2. A lot of warnings regarding the SSH tunnel were printed
> when trying the previous version of the patch series with Qemu 4.2.
> 
> Patch 2 & 3 bring the new functionality to the target side, patch 4 to
> the source side.
> 
> v2:
>  - removed one of the patches that moved finish_tunnel() to after
>     vm_stop()
>  - changed the things @fabian suggested
>  - introduced patch 1 for Qemu 4.2 support
> 
> Mira Limbeck (4):
>   add qemu_drive_mirror_monitor completion modes
>   add NBD server unix socket support in vm_start
>   parse nbd_protocol_version if available
>   add unix socket support for NBD storage migration
> 
>  PVE/API2/Qemu.pm   | 18 +++++++++++----
>  PVE/QemuMigrate.pm | 56 ++++++++++++++++++++++++++++++++++++----------
>  PVE/QemuServer.pm  | 54 +++++++++++++++++++++++++++++++-------------
>  3 files changed, 97 insertions(+), 31 deletions(-)
> 
> -- 
> 2.20.1
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
>

More information about the pve-devel mailing list