[one-users] Safe Live Migration

Javier Fontan jfontan at opennebula.org
Thu Jan 23 02:10:42 PST 2014


Migration is done using this command (KVM) in the host where the VM is
running (/var/lib/one/remotes/vmm/kvm/migrate):

virsh --connect $LIBVIRT_URI migrate --live $deploy_id
$QEMU_PROTOCOL://$dest_host/system

With the default configuration the migration data then will be sent to
$dest_host using unencrypted tcp sockets. In case the interface for
$dest_host IP is not used for the VM bridge then it will be only used
for ssh connections, migrations and maybe storage (depends on the
configuration).

In case you want to use an interface only for migration you may want
to create a new network (attached to a new interface) and add a suffix
to the host names. For example:

192.168.10.15 host01
10.0.0.15 host01.migration

And change the migration command to something like this:

virsh --connect $LIBVIRT_URI migrate --live $deploy_id
$QEMU_PROTOCOL://$dest_host.migration/system

To encrypt data you'd better check libvirt documentation on how to use
tls for connections. It will require generating certificates and
configuration in libvirt, not only QEMU_PROTOCOL modification.

On Mon, Jan 20, 2014 at 8:38 PM, Igor Laskovy <igor.laskovy at gmail.com> wrote:
> Hello list,
>
> Could anybody clarify how to separate live migration traffic to dedicated
> interface?
>
> --
> Igor Laskovy
> facebook.com/igor.laskovy
> studiogrizzly.com
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>



-- 
Javier Fontán Muiños
Developer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | @OpenNebula | github.com/jfontan



More information about the Users mailing list