cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rohit Yadav <rohit.ya...@shapeblue.com>
Subject Re: [FS] Request for comments: Secure VM Live Migration for KVM
Date Tue, 21 Nov 2017 06:09:34 GMT
Hi Marc,

Thanks for your comments, I'll reply to them on the cwiki page.

Briefly - CloudStack does support live VM migration already and presently on adding a KVM
host using CloudStack 's addHost runs cloudstack-setup-agent and configures libvirtd by adding
suitable options to enable libvirtd on tcp. I'll have another look at your PR too.

Regards.

Get Outlook for Android<https://aka.ms/ghei36>

________________________________
From: Marc-Aurèle Brothier - Exoscale <marco@exoscale.ch>
Sent: Friday, November 17, 2017 8:06:55 PM
To: dev@cloudstack.apache.org
Subject: Re: [FS] Request for comments: Secure VM Live Migration for KVM

Working, thanks!



rohit.yadav@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

On Fri, 2017-11-17 at 11:27 -0200, Rafael Weingärtner wrote:
> Marc I added permission to you; can you test if you can make comments
> now?
>
> On Fri, Nov 17, 2017 at 11:20 AM, Marc-Aurèle Brothier - Exoscale <
> marco@exoscale.ch> wrote:
>
> > I'm not able to post comments on the wiki even when logged in so I
> > post
> > to the mailing list. I guess I'm not in any special wiki group to
> > edit
> > CS pages.
> >
> > Good news you made the live migration working (right?) on master.
> > Is it
> > really something we want to control under CS on the agent
> > installation
> > all this libvirt TLS setup? Maybe the installation could write
> > libvirtd
> > configuration file for TLS and non-TLS setup in CS and/or libvirt
> > /etc
> > directory but without overriding the normal one. I have to admit
> > I'm
> > not familiar with how things are usually done in CS for external
> > components.
> >
> > You can also add to cloudstack configuration the libvirt flags used
> > for
> > the live migration, which should be customizable in some way. On my
> > PR
> > it's in agent.properties, but it could be sent along with the
> > migration
> > command.
> >
> > I would welcome if you could setup a wiki page that I could edit on
> > the
> > KVM live migration so I could add my remark on my experience and
> > things
> > to config/consider.
> >
> > On your question: +1 on having the configuration value for TLS or
> > plain
> > tcp.
> >
> > Marc-Aurèle
> >
> > On Thu, 2017-11-16 at 10:32 +0000, Rohit Yadav wrote:
> > > All,
> > >
> > >
> > > Kindly review and share your thoughts and comments for a new
> > > feature
> > > - Secure VM live migration for KVM, this feature builds on top of
> > > the
> > > previous feature that brought in a new CA framework [1] for
> > > CloudStack.
> > >
> > >
> > > Here is a rough first draft for your review:
> > >
> > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+KVM
> > > +VM+
> > > Live+Migration
> > >
> > >
> > > [1] https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure
> > > +Age
> > > nt+Communications
> > >
> > >
> > > Regards.
> > >
> > > rohit.yadav@shapeblue.com
> > > www.shapeblue.com<http://www.shapeblue.com>
> > > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> > > @shapeblue
> > >
> > >
> > >
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message