[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Suggestion for merging xl save/restore/migrate/migrate-receive



On 09/16/2013 12:20 PM, Ian Jackson wrote:
> Zhigang Wang writes ("Re: [Xen-devel] Suggestion for merging xl 
> save/restore/migrate/migrate-receive"):
>> ---- xl-migrate.rst ----
> ...
>> * Current xl migrate command is not intuitive, especially the `-s` option::
>>
>>       # xl migrate
>>       Usage: xl [-v] migrate [options] <Domain> <host>
>>       
>>       Save a domain state to restore later.
>>       
>>       Options:
>>       
>>       -h              Print this help.
>>       -C <config>     Send <config> instead of config file from creation.
>>       -s <sshcommand> Use <sshcommand> instead of ssh.  String will be passed
>>                       to sh. If empty, run <host> instead of ssh <host> xl
>>                       migrate-receive [-d -e]
>>       -e              Do not wait in the background (on <host>) for the death
>>                       of the domain.
>>
>>   It's a little hard to adapt other tools as transport.
> 
> Perhaps the documentation needs to be improved.  But you can just say
>    xl migrate -s '' 42 'nc remotehost 1234'
> and in the receiving host's inetd.conf:
>    1234 stream tcp nowait root /usr/bin/xl xl migrate-receive
> (NB I haven't tested this).  If you want better logging then use a
> better superserver than inetd.
> 
>> * We have differnt implementation for `xl save/restore` and 
>>   `xl migrate/migrate-receive`. Can we merge them?
> 
> I'm afraid not.  The migration protocol includes a confirmation that
> the receiver is ready, to try to reduce the chance that a failed
> migration ends up killing the domain.
> 
>> Proposal
>> ========
>>
>> * Implement dedicated daemons for ssl and non-ssl migration receive 
>>   (`socat <http://www.dest-unreach.org/socat/>`_ can be used).
>>
>>   Example patch for dedicated migrate receive daemon:
>>   xen-xl-migrate-socat.patch
> 
> I think a one-line change to inetd.conf is probably better.  Your
> script is very complicated (and still throws away the error messages
> from xl migrate-receive rather than logging them).
> 
> As for the encrypted version: ssl has pretty awful security
> properties, at least by default, which you need to work around.  For
> example, the default usually involves the X.509 root certificate
> oligopoly, and doesn't provide forward secrecy.  If you need
> encryption, ssh has a much better security model.
> 
> If you don't need encryption and authentication then default mode of
> use for xl is rather heavyweight and you might want to use a simple
> unencrypted unauthenticated TCP session as I describe above.
> 
>> * In order to migrate a VM without user interactive, we have to configure ssh
>>   keys for all Servers in a pool. Key management brings complexity.
> 
> Surely your automated server deployment system can manage this ?

Yes, we can.

keys are states; we need to make sure they are always sync. Also after this,
all Servers in a pool can login to each other. I don't know whether it's
a security issue for our product.

This is something we try to avoid at this time.

Thanks,

Zhigang


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.