Re: [PATCH v2 2/9] qemu: Introduced VIR_MIGRATE_TPM_SHARED_STORAGE for TPM migration

Mon, 17 Oct 2022 08:18:16 -0700 



On 10/17/22 09:48, Daniel P. Berrangé wrote:

On Mon, Oct 17, 2022 at 09:39:52AM -0400, Stefan Berger wrote:







The key is in qemuMigrationSrcIsSafe(), and how it determines if a
migration is safe.

   * Disk on local storage, no flags  => unsafe, migration error
   * Disk on local storage, VIR_MIGRATE_NON_SHARED_DISK => ok, copies disk 
storage
   * Disk on shared storage, no flags => safe
   * Disk on shared storage, VIR_MIGRATE_NON_SHARED_DISK => ok, but needlessly 
copies disk storage

The key helper methods are virFileIsSharedFS and virFileIsClusterFS
which check the filesystem type for the path against a known list
of shared/cluster FS.


So we won't do it this way for TPM state migration. Instead we can
try to write on the source migration side

a) a simple file and detect whether the file is at the destination
b) a file with either a name or content that only the source and
    destination libvirts would know at this point

b) is to prevent stale files from becoming indicators for shared storage.


No, please use the virFileIsSharedFS/ClusterFS helpers.



I tried to use virFileIsSharedFS on the source and destination side of my NFS 
setup to see how they work. The issue here is that the NFS server side, that 
exports /var/lib/libvirt/swtpm and is also the migration source at some point, 
says this:

/var/lib/libvirt/swtpm/ecc221c4-6bb9-423f-ac31-72244fdbb1a1/tpm2 is shared: 0

the NFS client side then says this:


/var/lib/libvirt/swtpm/ecc221c4-6bb9-423f-ac31-72244fdbb1a1/tpm2 is shared: 1


The latter is correct, the former obviously not. Is this an illegal NFS setup 
or a shortcoming of the AP

I suppose both sides should be able to run the API (and come up with the same 
result) and not the one side setting an additional migration flag when shared 
storage is found and that flag then appearing on the migration destination 
side, which then avoids having to run the API again there?

   Stefan


+#include "virfile.h"
+
+static inline void
+qemuTestSharedStorage(virQEMUDriver *driver, virDomainObj *vm)
+{
+    virDomainDef *def = vm->def;
+    size_t i;
+    int n;
+
+    for (i = 0; i < def->ntpms; i++) {
+        if (def->tpms[i]->type == VIR_DOMAIN_TPM_TYPE_EMULATOR) {
+            n = qemuExtTPMInitPaths(driver, def, (def->tpms[i]));
+            n = virFileIsSharedFS(def->tpms[i]->data.emulator.storagepath);
+            fprintf(stderr, "%s is shared: %d\n", 
def->tpms[i]->data.emulator.storagepath, n);
+        }
+    }
+}
+




With regards,
Daniel
























					Reply via email to