[one-users] Safe Live Migration
Hello list, Could anybody clarify how to separate live migration traffic to dedicated interface? -- Igor Laskovy facebook.com/igor.laskovy studiogrizzly.com ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Safe Live Migration
Anybody? Or at least encrypt it? On Tue, Jan 21, 2014 at 3:38 AM, Igor Laskovy wrote: > Hello list, > > Could anybody clarify how to separate live migration traffic to dedicated > interface? > > -- > Igor Laskovy > facebook.com/igor.laskovy > studiogrizzly.com > -- Igor Laskovy facebook.com/igor.laskovy studiogrizzly.com ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Safe Live Migration
Hi, This is mostly a hypervisor related question. What hypervisor are you using? cheers, Jaime On Wed, Jan 22, 2014 at 10:12 AM, Igor Laskovy wrote: > Anybody? Or at least encrypt it? > > > On Tue, Jan 21, 2014 at 3:38 AM, Igor Laskovy wrote: > >> Hello list, >> >> Could anybody clarify how to separate live migration traffic to dedicated >> interface? >> >> -- >> Igor Laskovy >> facebook.com/igor.laskovy >> studiogrizzly.com >> > > > > -- > Igor Laskovy > facebook.com/igor.laskovy > studiogrizzly.com > > ___ > Users mailing list > Users@lists.opennebula.org > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org > > -- Jaime Melis Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | jme...@opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Safe Live Migration
Migration is done using this command (KVM) in the host where the VM is running (/var/lib/one/remotes/vmm/kvm/migrate): virsh --connect $LIBVIRT_URI migrate --live $deploy_id $QEMU_PROTOCOL://$dest_host/system With the default configuration the migration data then will be sent to $dest_host using unencrypted tcp sockets. In case the interface for $dest_host IP is not used for the VM bridge then it will be only used for ssh connections, migrations and maybe storage (depends on the configuration). In case you want to use an interface only for migration you may want to create a new network (attached to a new interface) and add a suffix to the host names. For example: 192.168.10.15 host01 10.0.0.15 host01.migration And change the migration command to something like this: virsh --connect $LIBVIRT_URI migrate --live $deploy_id $QEMU_PROTOCOL://$dest_host.migration/system To encrypt data you'd better check libvirt documentation on how to use tls for connections. It will require generating certificates and configuration in libvirt, not only QEMU_PROTOCOL modification. On Mon, Jan 20, 2014 at 8:38 PM, Igor Laskovy wrote: > Hello list, > > Could anybody clarify how to separate live migration traffic to dedicated > interface? > > -- > Igor Laskovy > facebook.com/igor.laskovy > studiogrizzly.com > > ___ > Users mailing list > Users@lists.opennebula.org > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org > -- Javier Fontán Muiños Developer OpenNebula - The Open Source Toolkit for Data Center Virtualization www.OpenNebula.org | @OpenNebula | github.com/jfontan ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Safe Live Migration
Thanks you Javier for this hint! This is what I was looking for. On Thu, Jan 23, 2014 at 6:10 PM, Javier Fontan wrote: > Migration is done using this command (KVM) in the host where the VM is > running (/var/lib/one/remotes/vmm/kvm/migrate): > > virsh --connect $LIBVIRT_URI migrate --live $deploy_id > $QEMU_PROTOCOL://$dest_host/system > > With the default configuration the migration data then will be sent to > $dest_host using unencrypted tcp sockets. In case the interface for > $dest_host IP is not used for the VM bridge then it will be only used > for ssh connections, migrations and maybe storage (depends on the > configuration). > > In case you want to use an interface only for migration you may want > to create a new network (attached to a new interface) and add a suffix > to the host names. For example: > > 192.168.10.15 host01 > 10.0.0.15 host01.migration > > And change the migration command to something like this: > > virsh --connect $LIBVIRT_URI migrate --live $deploy_id > $QEMU_PROTOCOL://$dest_host.migration/system > > To encrypt data you'd better check libvirt documentation on how to use > tls for connections. It will require generating certificates and > configuration in libvirt, not only QEMU_PROTOCOL modification. > > On Mon, Jan 20, 2014 at 8:38 PM, Igor Laskovy > wrote: > > Hello list, > > > > Could anybody clarify how to separate live migration traffic to dedicated > > interface? > > > > -- > > Igor Laskovy > > facebook.com/igor.laskovy > > studiogrizzly.com > > > > ___ > > Users mailing list > > Users@lists.opennebula.org > > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org > > > > > > -- > Javier Fontán Muiños > Developer > OpenNebula - The Open Source Toolkit for Data Center Virtualization > www.OpenNebula.org | @OpenNebula | github.com/jfontan > -- Igor Laskovy facebook.com/igor.laskovy studiogrizzly.com ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
