[libvirt] [PATCH]: Secure migration support for KVM

Chris Lalancette clalance at redhat.com
Tue May 12 11:55:47 UTC 2009


All,
     Attached is the secure migration patch for libvirt.  What this patch
implements is a new remote RPC call for secure migration.  On the source of the
migration, we do a migration from the qemu process to the libvirtd on localhost.
As each read() in libvirtd completes, it issues an RPC message to the remote
libvirtd, using the standard libvirt RPC mechanisms.  On the destination, we do
essentially the mirror; the libvirtd accepts the data from RPC, and then writes
it to a qemu container process listening on localhost.

In order to actually use this, the command-line is pretty complex.  If you want
to use standard live migration, the command-line looks something like:

# virsh -c qemu+tls://source.example.org/system migrate --live guest qemu+tls://dest.example.org/system

This says to do a live migration of "guest" from "source.example.org" to
"dest.example.org", connecting to each of the remote libvirtd via TLS.  Note
that in this model, the virsh process connects to the remote libvirtd's via the
-c argument (source) and the destination argument (dest).

To do secure live migration, this becomes:

# virsh -c qemu+tls://source.example.org/system migrate --live --secure guest qemu+tls://dest.example.org/system qemu+tls://dest.example.org/system

This says to do a secure live migration of "guest" from "source.example.org" to
"dest.example.org".  The virsh process figures out how to connect to the remote
libvirtd's via the -c argument (source) and the destination argument (dest).
The second "qemu+tls://dest.example.org/system" is the secure channel from the
source libvirtd to the destination libvirtd.

Signed-off-by: Chris Lalancette <clalance at redhat.com>

 docs/apibuild.py                   |    1
 include/libvirt/libvirt.h          |    1
 include/libvirt/libvirt.h.in       |    1
 qemud/remote.c                     |   34 +++
 qemud/remote_dispatch_args.h       |    1
 qemud/remote_dispatch_prototypes.h |    7
 qemud/remote_dispatch_table.h      |    5
 qemud/remote_protocol.c            |   13 +
 qemud/remote_protocol.h            |   17 +
 qemud/remote_protocol.x            |   12 +
 src/driver.h                       |   10 +
 src/libvirt.c                      |   55 ++++-
 src/libvirt_internal.h             |    5
 src/libvirt_private.syms           |    1
 src/lxc_driver.c                   |    1
 src/openvz_driver.c                |    1
 src/qemu_driver.c                  |  367 ++++++++++++++++++++++++++++++++-----
 src/remote_internal.c              |   33 +++
 src/test.c                         |    1
 src/uml_driver.c                   |    1
 src/virsh.c                        |    4
 src/xen_unified.c                  |    1
 22 files changed, 518 insertions(+), 54 deletions(-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libvirt-secure-migration.patch
Type: text/x-patch
Size: 36849 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20090512/d2c68086/attachment-0001.bin>
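
The relay described in the message above (the source libvirtd turns each completed read() from qemu into one RPC message, and the destination libvirtd writes each payload to its local qemu), as an added example that is not part of the original post or of the attached patch. The length-prefixed frame, CHUNK and all function names are assumptions made for illustration; libvirt's real RPC is XDR-encoded and travels inside the libvirtd connection.

```c
/* Added illustration. The frame layout (4-byte big-endian length, then the
 * payload) is an assumption, not libvirt's XDR-based RPC wire format. */
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#define CHUNK 4096 /* hypothetical cap on one message's payload */
/* Move exactly len bytes, looping over short reads or writes; EOF is an error. */
static int xfer_all(int fd, void *buf, size_t len, int wr) {
    for (char *p = buf; len > 0; ) {
        ssize_t n = wr ? write(fd, p, len) : read(fd, p, len);
        if (n <= 0) return -1;
        p += n; len -= (size_t)n;
    }
    return 0;
}
/* Source libvirtd: each completed read() from qemu becomes one message. */
long relay_source(int qemu_fd, int rpc_fd) {
    char buf[CHUNK]; long total = 0; ssize_t n;
    do {
        if ((n = read(qemu_fd, buf, sizeof buf)) < 0) return -1;
        uint32_t hdr = htonl((uint32_t)n); /* length 0 marks end of stream */
        if (xfer_all(rpc_fd, &hdr, sizeof hdr, 1)) return -1;
        if (xfer_all(rpc_fd, buf, (size_t)n, 1)) return -1;
        total += n;
    } while (n > 0);
    return total;
}
/* Destination libvirtd: check each length, then write the payload to qemu. */
long relay_dest(int rpc_fd, int qemu_fd) {
    char buf[CHUNK]; long total = 0; uint32_t len;
    for (;;) {
        if (xfer_all(rpc_fd, &len, sizeof len, 0)) return -1; /* truncated */
        if ((len = ntohl(len)) == 0) return total;            /* clean end */
        if (len > CHUNK) return -1; /* never trust the peer's length field */
        if (xfer_all(rpc_fd, buf, len, 0) || xfer_all(qemu_fd, buf, len, 1)) return -1;
        total += len;
    }
}
/* Constructed demo: pipes stand in for qemu and the RPC link (fds left open). */
long demo_roundtrip(size_t n) {
    static unsigned char in[12288], out[12288];
    int src[2], rpc[2], dst[2];
    if (n > sizeof in || pipe(src) || pipe(rpc) || pipe(dst)) return -1;
    for (size_t i = 0; i < n; i++) in[i] = (unsigned char)(i * 31 + 7);
    if (xfer_all(src[1], in, n, 1) || close(src[1])) return -1;
    if (relay_source(src[0], rpc[1]) != (long)n) return -1;
    if (relay_dest(rpc[0], dst[1]) != (long)n) return -1;
    return !xfer_all(dst[0], out, n, 0) && !memcmp(in, out, n) ? (long)n : -1;
}
```

The destination treats a stream that ends without the zero-length frame as an error, so a dropped connection is never mistaken for a completed migration.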

