[libvirt PATCH 8/9] qemu: Allow migration over UNIX socket
Daniel P. Berrangé
berrange at redhat.com
Tue Aug 25 16:35:52 UTC 2020
On Tue, Aug 25, 2020 at 06:34:05PM +0200, Jiri Denemark wrote:
> On Tue, Aug 25, 2020 at 17:12:59 +0100, Daniel P. Berrangé wrote:
> > On Tue, Aug 25, 2020 at 05:53:32PM +0200, Jiri Denemark wrote:
> > > On Tue, Aug 25, 2020 at 07:47:14 +0200, Martin Kletzander wrote:
> > > > - /* RDMA and multi-fd migration requires QEMU to connect to the destination
> > > > - * itself.
> > > > - */
> > > > - if (STREQ(uribits->scheme, "rdma") || (flags & VIR_MIGRATE_PARALLEL))
> > > > - spec.destType = MIGRATION_DEST_HOST;
> > > > - else
> > > > - spec.destType = MIGRATION_DEST_CONNECT_HOST;
> > > > - spec.dest.host.protocol = uribits->scheme;
> > > > - spec.dest.host.name = uribits->server;
> > > > - spec.dest.host.port = uribits->port;
> > > > + if (STREQ(uribits->scheme, "unix")) {
> > > > + if (flags & VIR_MIGRATE_TLS) {
> > > > + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
> > > > + _("Migration over UNIX socket with TLS is not supported"));
> > > > + return -1;
> > > > + }
> > > > + if (flags & VIR_MIGRATE_PARALLEL) {
> > > > + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
> > > > + _("Parallel migration over UNIX socket is not supported"));
> > > > + return -1;
> > > > + }
> > >
> > > Is there a reason for not supporting TLS and multi-fd with unix sockets?
> > > >From libvirt's POV this should be fairly trivial (can be a follow-up
> > > patch, though): introduce MIGRATION_DEST_SOCKET in addition to
> > > MIGRATION_DEST_CONNECT_SOCKET and use it to instruct QEMU to connect
> > > using unix: URI (unless this support was removed from QEMU).
> >
> > multi-fd is certainly desirable to support and I don't see any reason
> > to block that.
> >
> > TLS is more problematic, at least if you are using x509 credentials then
> > you need to tell QEMU what hostname to use for validation. This would
> > require us to accept a hostname parameter in the URI giving the UNIX
> > socket.
>
> We already support this generally regardless on the transport via
> VIR_MIGRATE_PARAM_TLS_DESTINATION parameter.
Ah yes, I forgot. In that case, I don't see a obvious reason to block
TLS.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list