[pve-devel] [PATCH v2 qemu-server 0/4] fix secure live migration with local

Mira Limbeck m.limbeck at proxmox.com
Tue Mar 17 20:56:08 CET 2020


Currently NBD storage migration always uses unencrypted TCP. The
following 4 patches add support for unix sockets that are forwarded over
SSH.
For backwards compatibility this requires some kind of communication
from the source node to the target node, because the NBD server can only
be started with either a TCP socket or a Unix socket. This is done by
passing the line 'nbd_protocol_version: 1' to the target node via STDIN.

Patch 1 makes some changes to qemu_drive_mirror_monitor and in return to
qemu_drive_mirror and clone_disk. This is necessary for compatibility
with Qemu 4.2. A lot of warnings regarding the SSH tunnel were printed
when trying the previous version of the patch series with Qemu 4.2.

Patch 2 & 3 bring the new functionality to the target side, patch 4 to
the source side.

v2:
 - removed one of the patches that moved finish_tunnel() to after
    vm_stop()
 - changed the things @fabian suggested
 - introduced patch 1 for Qemu 4.2 support

Mira Limbeck (4):
  add qemu_drive_mirror_monitor completion modes
  add NBD server unix socket support in vm_start
  parse nbd_protocol_version if available
  add unix socket support for NBD storage migration

 PVE/API2/Qemu.pm   | 18 +++++++++++----
 PVE/QemuMigrate.pm | 56 ++++++++++++++++++++++++++++++++++++----------
 PVE/QemuServer.pm  | 54 +++++++++++++++++++++++++++++++-------------
 3 files changed, 97 insertions(+), 31 deletions(-)

-- 
2.20.1
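
The version handshake described in the cover letter, sketched from the target node's side as an added example; it is not part of the original message and not qemu-server's Perl code. Only the line format `nbd_protocol_version: 1` comes from the message; the function name, the version-to-transport table and the choice to reject unknown versions are assumptions.

```python
import io
import re

# Assumed mapping for this sketch: no version line (older source node) keeps
# the legacy unencrypted TCP listener, version 1 selects a unix socket that
# the source reaches through the SSH tunnel.
TRANSPORTS = {0: "tcp", 1: "unix"}
_VERSION_RE = re.compile(r"nbd_protocol_version: ([0-9]+)")


def select_nbd_transport(stdin_stream):
    """Return (version, transport, other_lines) parsed from the target's STDIN."""
    version = 0          # default: source sent nothing, stay backwards compatible
    seen = False
    other_lines = []     # lines that are not the version line are passed through
    for raw in stdin_stream:
        line = raw.rstrip("\n")
        match = _VERSION_RE.fullmatch(line)
        if match is None:
            other_lines.append(line)
            continue
        if seen:
            # An ambiguous handshake must not decide the transport.
            raise ValueError("duplicate nbd_protocol_version line")
        seen = True
        version = int(match.group(1))
    if version not in TRANSPORTS:
        # Fail closed instead of silently falling back to unencrypted TCP.
        raise ValueError(f"unsupported nbd_protocol_version {version}")
    return version, TRANSPORTS[version], other_lines


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real migration.
    new_source = io.StringIO("nbd_protocol_version: 1\n")
    old_source = io.StringIO("")
    print(select_nbd_transport(new_source))   # unix socket over SSH
    print(select_nbd_transport(old_source))   # legacy TCP
```

Because a missing line selects TCP, a migration that is expected to be tunnelled can be checked on the target by confirming that the returned transport is `unix` before any disk data is sent.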




