Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id AB353200D43 for ; Tue, 21 Nov 2017 08:38:11 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id A9C14160BFC; Tue, 21 Nov 2017 07:38:11 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id A1A95160BED for ; Tue, 21 Nov 2017 08:38:10 +0100 (CET) Received: (qmail 8279 invoked by uid 500); 21 Nov 2017 07:38:09 -0000 Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list dev@cloudstack.apache.org Received: (qmail 8266 invoked by uid 99); 21 Nov 2017 07:38:08 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 Nov 2017 07:38:08 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 213631A23BB for ; Tue, 21 Nov 2017 07:38:08 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.801 X-Spam-Level: X-Spam-Status: No, score=-0.801 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=2, KAM_SHORT=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=shapeblue.onmicrosoft.com header.b=Y+QyBVxj; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=shapeblue.onmicrosoft.com header.b=WL71IJbY Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id bimMgE3t6A6F for ; Tue, 21 Nov 2017 07:38:03 +0000 (UTC) Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0110.outbound.protection.outlook.com [104.47.1.110]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 459BC5FDD1 for ; Tue, 21 Nov 2017 07:38:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shapeblue.onmicrosoft.com; s=selector1-shapeblue-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=AnkZZiVGxAfNgpOzqj6vCYRKxp/RfpzwOxSfXLNVLBQ=; b=Y+QyBVxj/7DLQid1Vm0Sh5IQnO7xJk8MCRn/j28aiclY/b5gFjkOap3KzkKW+q+a58JBdXKqaomC08UM7o2apHub4Rnzza7DhUNZzGekVV8Pe3Kk0yU2JxWXF96cA7gNOEM5RqRgai8d23ZGU+xSzc+FHi/SW898IyxQFqrkF3o= Received: from VI1PR07CA0163.eurprd07.prod.outlook.com (2603:10a6:802:3e::11) by HE1PR0702MB3593.eurprd07.prod.outlook.com (2603:10a6:7:8c::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.260.2; Tue, 21 Nov 2017 07:37:55 +0000 Received: from VE1EUR01FT060.eop-EUR01.prod.protection.outlook.com (2a01:111:f400:7e01::209) by VI1PR07CA0163.outlook.office365.com (2603:10a6:802:3e::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.239.4 via Frontend Transport; Tue, 21 Nov 2017 07:37:54 +0000 Received-SPF: Fail (protection.outlook.com: domain of shapeblue.com does not designate 104.40.179.195 as permitted sender) receiver=protection.outlook.com; client-ip=104.40.179.195; helo=smtpworker-in-14.xware-eu-1.o365.crossware.co.nz; Received: from smtpworker-in-14.xware-eu-1.o365.crossware.co.nz (104.40.179.195) by VE1EUR01FT060.mail.protection.outlook.com (10.152.3.93) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.20.218.12 via Frontend Transport; Tue, 21 Nov 2017 07:37:54 +0000 Received: from EUR01-VE1-obe.outbound.protection.outlook.com (213.199.154.239) by smtpworker-in-14.xware-eu-1.o365.crossware.co.nz with Crossware for Office365; Tue, 21 Nov 2017 07:37:52 +0000 Received: from VI1PR0701MB2944.eurprd07.prod.outlook.com (10.173.72.23) by VI1PR0701MB2941.eurprd07.prod.outlook.com (10.173.72.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.260.2; Tue, 21 Nov 2017 07:37:50 +0000 Received: from VI1PR0701MB2944.eurprd07.prod.outlook.com ([fe80::d529:94c3:c9ac:4f31]) by VI1PR0701MB2944.eurprd07.prod.outlook.com ([fe80::d529:94c3:c9ac:4f31%18]) with mapi id 15.20.0260.004; Tue, 21 Nov 2017 07:37:50 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shapeblue.onmicrosoft.com; s=selector1-shapeblue-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=J7t08BqVXl7Y89WVnT/P1JFaeZkfjQk82xEueQ7/h/k=; b=WL71IJbYE18xznRgaxFTpmUFbKdZJ13l9p5rcXF3tjDt7gwe577yrKJfWZe+1DNsdiYyZ0C2J7nRKpqZK7E2mMgiDK1zuphNYquQrTXELT9UPwMh8FahEzAIODpNCZSZ8JVXWrRUsDDlw5hS28vNBQUGz98GtquT0BVxmSER+iQ= From: Rohit Yadav To: "dev@cloudstack.apache.org" Subject: Re: [FS] Request for comments: Secure VM Live Migration for KVM Thread-Topic: [FS] Request for comments: Secure VM Live Migration for KVM Thread-Index: AQHTXsXDvD7yUVUXzE6/JUjLwkvpQKMYkBqAgAACBYCAABNdgIAFu5KZgAAW6l4= Date: Tue, 21 Nov 2017 07:37:50 +0000 Message-ID: References: <1510924823.27085.29.camel@exoscale.ch> ,<1510929415.29281.0.camel@exoscale.ch>, In-Reply-To: Accept-Language: en-US, en-IN Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [139.167.9.25] x-ms-publictraffictype: Email X-Microsoft-Exchange-Diagnostics-untrusted: 1;VI1PR0701MB2941;6:NN8HjuSkpW1K2M/LeNiQnnm6WmNIKW1h7zR4+n83535uNxvjVpoOPg4O3e+hBcv9aMhDPpL1I5vCkTUIs5QjbYWruJW2ycSphFz8cCuszoBZ/hZ8rt7KF7BfAK6rJSQ1ofyxJg9WG5klECA0bbOC027ut6ZbapUhT919/EluCE4Q5uv12F1U0b3zrGrEnDyIGudURVvQnPowcLxUQfLTOm47TpKce9Nzrtiynv1Fwzrkp7UZ3pf/NIgXf6zg8fShfVbTdhd6ukAUmgdbscPwM+sC5BU6gKTO+xzZJHl3q4QAjGtE3iEnhl787ATINZVdh3JDlQ/yLzGocAHWkL+Wzy8nE5gaKQJkkeMzfC7R1T8=;5:DRJ5VvXF527f5hq+F08XzndhZ0PEkaSsahMu7ouHndBpmSxw9V2/yJlR0XyvOm23xOuenugXpgnRdAldzLZu0oPHQoh2bhlzD6PBLrOF0BF5a/S23yhvgV7LrYCFkEVXsCart3iGUXTanRCbc1lLvy5+0IeKuoyePsNC2Isz1OE=;24:NYmiYScRYdcb4TvBjx9NUdJmi2W84gXNfDBTP3bt1qa/ixnGSgYBtJczzbleX3/QTjjhw5pX8gZdrEJYvQ+X5uxrwM0PAYrT2OWppmRATJI=;7:xymXj3O+bW+o2swpvO1QFP1qk6X+WoX3GGeyLBMB+zlQcrl9VxgEK81guc20mdR8C7K5wTvxceT4XEjkD7j5dwgdovtwkS+NHj3a31fe+y7QWR4bBH4FAvCeTAKADv9apYlkzkuOKGvIYZsWIgcMW7VeAyCtOuJTJWe0nShTkdqBWAGo1KWPcOOWCpRTVk0WZbiKoUcwU5mAzr9hRADJ8KClIOfT3CjfKHJZVUNXVMHosAZpN3SqV5/nKuty7YRE x-ms-exchange-antispam-srfa-diagnostics: SSOS; X-MS-Office365-Filtering-Correlation-Id: d1701e77-0e62-4c54-1b57-08d530b2c6db X-Microsoft-Antispam-Untrusted: UriScan:;BCL:0;PCL:0;RULEID:(4534020)(4602075)(4603075)(4627115)(201702281549075)(5600016)(4604075)(2017052603258);SRVR:VI1PR0701MB2941; X-MS-TrafficTypeDiagnostic: VI1PR0701MB2941:|HE1PR0702MB3593: X-Microsoft-Antispam-PRVS: x-exchange-antispam-report-test: UriScan:(190461294614860)(67729699691378);UriScan:(190461294614860)(67729699691378); x-exchange-antispam-report-cfa-test: =?us-ascii?Q?BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101?= =?us-ascii?Q?)(100105300095)(100000702101)(100105100095)(6040450)(2401047?= =?us-ascii?Q?)(8121501046)(5005006)(100000703101)(100105400095)(3002001)(?= =?us-ascii?Q?3231022)(93006095)(93001095)(10201501046)(6041248)(201611235?= =?us-ascii?Q?60025)(201703131423075)(201702281528075)(201703061421075)(20?= =?us-ascii?Q?1703061406153)(20161123555025)(20161123562025)(2016111802025?= =?us-ascii?Q?)(20161123564025)(20161123558100)(6072148)(6043046)(20170807?= =?us-ascii?Q?1742011)(100000704101)(100105200095)(100000705101)(100105500?= =?us-ascii?Q?095);SRVR:VI1PR0701MB2941;BCL:0;PCL:0;RULEID:(100000800101)(?= =?us-ascii?Q?100110000095)(100000801101)(100110300095)(100000802101)(1001?= =?us-ascii?Q?10100095)(100000803101)(100110400095)(100000804101)(10011020?= =?us-ascii?Q?0095)(100000805101)(100110500095);SRVR:VI1PR0701MB2941;BCL:0?= =?us-ascii?Q?;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100?= =?us-ascii?Q?105300095)(100000702101)(100105100095)(6040450)(2401047)(500?= =?us-ascii?Q?5006)(8121501046)(3231022)(3002001)(93006095)(93003095)(1020?= =?us-ascii?Q?1501046)(100000703101)(100105400095)(6041248)(2016111802025)?= =?us-ascii?Q?(20161123555025)(20161123558100)(201703131423075)(2017022815?= =?us-ascii?Q?28075)(201703061421075)(201703061406153)(20161123564025)(201?= =?us-ascii?Q?61123562025)(20161123560025)(6043046)(6072148)(2017080717420?= =?us-ascii?Q?11)(100000704101)(100105200095)(100000705101)(100105500095);?= =?us-ascii?Q?SRVR:HE1PR0702MB3593;BCL:0;PCL:0;RULEID:(100000800101)(10011?= =?us-ascii?Q?0000095)(100000801101)(100110300095)(100000802101)(100110100?= =?us-ascii?Q?095)(100000803101)(100110400095)(100000804101)(100110200095)?= =?us-ascii?Q?(100000805101)(100110500095);SRVR:HE1PR0702MB3593;?= x-forefront-prvs: 049897979A X-Forefront-Antispam-Report-Untrusted: SFV:NSPM;SFS:(10019020)(346002)(376002)(39830400002)(189002)(199003)(377424004)(24454002)(54164003)(6606003)(189998001)(2501003)(15974865002)(54356999)(86362001)(316002)(5660300001)(101416001)(50986999)(76176999)(7696004)(93886005)(3846002)(6246003)(6116002)(6436002)(74316002)(8676002)(1730700003)(81156014)(6506006)(4001150100001)(53386004)(99286004)(229853002)(81166006)(1680700002)(5640700003)(55016002)(102836003)(7736002)(97736004)(66066001)(68736007)(2940100002)(5250100002)(9686003)(54896002)(8936002)(606006)(53546010)(6306002)(236005)(2906002)(2950100002)(14454004)(3660700001)(6916009)(53936002)(966005)(478600001)(45080400002)(25786009)(3280700002)(33656002)(2351001)(19627405001)(105586002)(106356001)(2900100001);DIR:OUT;SFP:1102;SCL:1;SRVR:VI1PR0701MB2941;H:VI1PR0701MB2944.eurprd07.prod.outlook.com;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; received-spf: None (protection.outlook.com: shapeblue.com does not designate permitted sender hosts) Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=rohit.yadav@shapeblue.com; SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-CWesigProcessed: Y X-MAIL_SIG_VERSION: 4.0.2.4333 X-MAIL_SIG_SERVER: smtpworker-in-14.xware-eu-1.o365.crossware.co.nz X-MAIL_SIG_CONFIGNAME: Plain Text for Mailing Lists etc X-MAIL_SIG_CONFIGNAMEPLIED: Plain Text for Mailing Lists etc Content-Type: multipart/alternative; boundary="_000_VI1PR0701MB29448E42EB2DA87E4A1E2EF6E9230VI1PR0701MB2944_" MIME-Version: 1.0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2941 X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR01FT060.eop-EUR01.prod.protection.outlook.com X-Forefront-Antispam-Report: CIP:104.40.179.195;IPV:NLI;CTRY:;EFV:NLI;SFV:NSPM;SFS:(10019020)(346002)(39830400002)(376002)(2980300002)(1109001)(1110001)(339900001)(189002)(377424004)(24454002)(54164003)(199003)(53936002)(956001)(53546010)(93886005)(2940100002)(102836003)(3846002)(8676002)(6116002)(33656002)(25786009)(6306002)(16586007)(74316002)(6246003)(7696004)(53386004)(316002)(15974865002)(5660300001)(236005)(55016002)(84326002)(606006)(189998001)(9686003)(2900100001)(5250100002)(54896002)(76176999)(50986999)(7736002)(99286004)(61614004)(54356999)(356003)(86362001)(97736004)(68736007)(4001150100001)(512934002)(5640700003)(81156014)(6506006)(1680700002)(2501003)(1730700003)(81166006)(14454004)(966005)(45080400002)(2906002)(478600001)(8936002)(6916009)(2351001)(66066001)(229853002)(105606002)(2950100002)(106466001)(19627405001);DIR:OUT;SFP:1102;SCL:1;SRVR:HE1PR0702MB3593;H:smtpworker-in-14.xware-eu-1.o365.crossware.co.nz;FPR:;SPF:Fail;PTR:InfoDomainNonexistent;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: 1;VE1EUR01FT060;1:gB/IuWQfd309T7ThAur+jMfcfuW6/0nHA6g/3E1Ak08K84H1RnhrWjBVc8M9Vfg1etmNU7bk58mrNzUcftQY6V6Qux5t4mXKqfJpI4TOlnu+m+5hRvmu7aoON39VcYja X-CrossPremisesHeadersPromoted: VE1EUR01FT060.eop-EUR01.prod.protection.outlook.com X-CrossPremisesHeadersFiltered: VE1EUR01FT060.eop-EUR01.prod.protection.outlook.com X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(4534020)(4602075)(4603075)(4627115)(201702281549075)(5600016)(4604075)(2017052603258);SRVR:HE1PR0702MB3593; X-Microsoft-Exchange-Diagnostics: 1;HE1PR0702MB3593;3:jTj6PPP0nn0CfcR5cTy/rl0nSyaNQR3lc/umMECfxAYle1b/gZoHb9StfCMWDbKAvU7y37PLJd+rmH3euFM8ca++spGPiRDzcF8jRysKyyxuKdzU5SYfRM5Yoo/Fhb5gd/YDEQpxgBygtoH99dIo25DhBoHXobMCUqJgf8SB3SAGaPjdx/JoMe/Z6UQqhVLLGngJXwszLM8iKAqV9/FqFIMjWqX+4UyzlJuX0+Qp4O2LwRTy3ajxjDJgp/9fSe6D1jISnvXonrV4EsZAIumlCYRPxjvSB7wkPHk8exBSOMVjNNrqfDKZjS2D41SbcxSbZPamoCqsoFISYTL8AbMl1A==;25:uotrAm3/Jb9mPF511QMDOcMCbIkcUgtC3jQJwTzbx7vVjWcQAkrXgLF/b1mqgWSltsupBUT/tJ/c1lwRKemYaqp0JUb6Ne+kCNz4FECVAb5V81zIqyKeoPpO5xB1FyunptlkY87TlWoTucZ+ocol0D7x1kkf5fwV5z/XgdafqC1H1hwIQG+58NKQpFPnSARjTHmkh+6slW93SSpZa+L+28697QC0o5O/etV+zP91NVLlLDObufTGGICeMiD0t2uNNIMHKMlZvz/u6riinnI0Z7NAE5yS/C6LYnS2/RIzzHO67PFMbmrkE6bHWrSkuCf8VCx4zPs4ky8reyM24YONxg==;31:DegfuvLGNoL4rR+fjtbQTBfaL5e/Af2/d2s5r1d6Su80en5nu7vZNXRxkfx5+89Yr0aAHYPxTUdao0+HtvSGRNLC6Fzfh3svT5FRTJQT2Gy0MMac+XWZW5tz31p27cPKsKR58Pb6CNsCtABzpZvdDxPuroaihR6Yx9FlW1/k/FxwDIpzM6QRZ3WPw5EjpBalC53I0rMgIDPZpch8BhnuS8hYapLySmSJ1U2641DvWQ4= X-Microsoft-Exchange-Diagnostics: 1;HE1PR0702MB3593;20:uQHVc7wuhrYmV5AivoizUDSxNsL0LxJ7yEmYSLpstFxFi0pJLZedgODylIFT7Kl0DZJtTGmZAZMw9Ljbgg1D+87BbZxEAqHItyBfWpX/+ixi20STBJZWZYPZwSzqbe51x3E5QB7kefZMwhJ4BSIDyEBsc2U+br4Qi1ht9ptvEjvmWq2JuSo/Sl8bH+9pYHWLDe4WGE8O2BYdBkfKgfiSDL64plB0ZNi0h0S6pZYBsADqpp/8GVRJbZiFAdeFPeBe;4:ga46ORPuuxEwKX8Pvz5BrOrGBBzh+fV7N8/hwjw6C0bVcxE5he+erftuBn09HJf6UjZsuDAyS96t09RbZLtgXcw+xySLu1YSvmrUTKPVQg6drtjdSyKbaRrw8XhZV1TxAXluZH0UPFu/IizmPuZewM4xR6OZR4diuVVV9KSyD9ktzHcwl+yP98MDQgNeLOXgVZir98i/3UvtY8gXFQwC8sTFOZDQZ+hn5sgGbjAm2HYCvaGSu1UWfsbAfpk5Bv9ynzRgeIEJcBFmn8iJ+E4IOSmPk9KRu6bfa/f0ZsxGYAYSgTN8baXjfoazUh6sAyvfIykrwWUEiZ4ZJJm/ezURNjyxzpAGE66raDSv7KoSmrI= X-Forefront-PRVS: 049897979A X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;HE1PR0702MB3593;23:h/6xqXHjkHneg8JI22bFyf5ujMhexA1Da1Q3/Jy?= =?us-ascii?Q?UCPZpvPpiNqy3/eow7uOLWMZD5dkchnG74hXMbVeE3DuNlmnvTWU4JULMCgM?= =?us-ascii?Q?us762nnh/gbc9bTZrASMSkBlk1atxGU9l6HkOcwalM8PBuJuBQdHOuh7wCci?= =?us-ascii?Q?ommwZh7qFpxWpkyIy5bwh0PgDzORLHXO5nNoP4YRKfjEmPWlbO6WBH3jy8rX?= =?us-ascii?Q?5lDOiC8EkrI7oOScH5ZrT96L3uZIxhb4EF0wA2ViIawbiiOjZlxd9krBaod3?= =?us-ascii?Q?yJzusIy/nIKsI9MBwDLIvu0HvEKegO2D48mUGEzqszCyUI5nmatPhiKm5CLf?= =?us-ascii?Q?/xV5xvUjdz/qSRgvbHj7ADY423aSkFyXols9/X+TZ5wHKVwi5RCL6YRcX6Vw?= =?us-ascii?Q?DF1xN2f/lJdR7dm0VttV3GT3TLq747x5W+fFzronjLS1HFu3NZXuv2gfIkj0?= =?us-ascii?Q?Mor4gtDseTlMS1ONmxypMN5Kh6JI2OnbGNEcLB30UPVkfx7PfSXaUGdKemPl?= =?us-ascii?Q?yDdW868IYgj/2yPHbLnpocxtoR7O4E4mHhCwZnYvWWWgMnNDsZyqpmWs0xQ9?= =?us-ascii?Q?j8op5+WlbCQptbaeexEyRMrMk2WfiX6HZD+Afnx51KEXOF5RDKRu+u/4tLko?= =?us-ascii?Q?X3qxmPTYaUtRF0eJkTeNmuSk85Y7YtqivWXTgvXxMPmaT16x93xMmwk/feON?= =?us-ascii?Q?LowGyHV4d/9r9lvEoaVQqUUzaibWVysk28tNcYOsVV8PJMzlaSiq1hjKQ49T?= =?us-ascii?Q?J1Vv0tsIo79OCwqHVyX38f0KwFobeiSMaCs0fLS8MKv46XSwXBaahAy+y2HJ?= =?us-ascii?Q?Bj5EKxteSfqYW0XmH+V34RO8WE3QgfUwp0d3w3LltMfp8JpiuED3DGx+HTqK?= =?us-ascii?Q?q//tyYbMvKSQRqReX2XlmKBAm+NnXwW2WdzG42e3BN9C0IShwtM3dNIx+Doe?= =?us-ascii?Q?arQ5sf7Gi9uq6HZlKzmNwEAznEqdBPLSslT/TD8ClOnNXdZ8Nqnd0yu8fm0d?= =?us-ascii?Q?Z36DWhmcxgRZ5WFyqCdSJVZNLxTYhvnj9bmuQCM34C33KjHqyTISUtxSWJAu?= =?us-ascii?Q?XOSctpBqevrkdzgzT4LS5LGkNbbrz2YQIB3/5ITZLW77ygcXT2LwlGBrnF5w?= =?us-ascii?Q?tXCsoJCqeOZh807Jr0oq0qCAoOQ7+4FfNi06RgrzPr88lX/428ItWrnTPrwD?= =?us-ascii?Q?pw4k2rkaHucsUnmrRasKe4aCNhMXg2EyfGPiM6d+CetICXeBU7S/+kWd4EaZ?= =?us-ascii?Q?kMwpk06uZisD10e5KrUQQuGG2BDoBxiNIudmW8Q1Yublllg25BHcCwCAX6Ul?= =?us-ascii?Q?v1pPtoiRQXh4NozyueuAz4vRraoTJ8r0tLcVB0FzNPLQXL1oG5ai4c1cFiD+?= =?us-ascii?Q?zCzPRj9ZnA8F4qP8XxyuSGJRzM0Xtc92i/+PMt40z5jFlVGKh7wuzkRfwRfC?= =?us-ascii?Q?qRyrrC6Mmhc9Dm6opTLBaPaXIMX4MO1OalHKzccC9x16aSd/GztvK/UXXzwU?= =?us-ascii?Q?gu9yJ+sYPF9+G7HkSbASKsipNwt4pxar/JnHkU44iP0AAdk/4sxzflqRqcj+?= =?us-ascii?Q?1fWpbxrje6+PDhdin/XaUpXiL63HfSp+CQDiZRiWoBu4eNMJky0y6/x6lxWp?= =?us-ascii?Q?g6UIoMmbOyyPXA1bJna2ohMkxoViYhMTP2eEpESJxyFQ18/RnFW7128gVVdG?= =?us-ascii?Q?ITqsVWi+FEUwY3Og1TSPIkdocKtbUVJa5dozmgo5jDSlMvUc=3D?= X-Microsoft-Exchange-Diagnostics: 1;HE1PR0702MB3593;6:z6oeyDe40cvO1F7j+AXz5kj6ckZFsNUxg+LSSesjHG9zaO/id9U1AK8m4Sau97IUMSrSQf/IFNXvUoKUPXYseeEVAHAw1DdtvubX24uMcKEg/xDQ8bJQ7hZKzqMsIWi+rL7gtsd+g/0jupxG7OPI0NVEI/GsOtGKDiiVGcJMtLvUmh/Q5X2g1Ir77JNGd3W9q7LOzMsSdGtkd45Erw+gkByOYi7b7DEdcT/v8wu78S+zJJZCjTxr0mc3RANzWBVLq6CZ8ON3YDdIput5q1IU1w0GG59YrnufkqxvPf9yb4VVSiWm27YT0dy9IVwWrOb9FV51Che1b6bRZc7GBsacPer1Z+6p0tRcCbXIkwHrzW8=;5:4x4dIetKoAzz/ODU9KP3eVqPAYOr66IWw7mTCdgqs6NT/d6VeN2EHLY4FAIKCTsa7yd1QbhOZaAdsx7tdFmGOkg4XvjmyDu99GtkdfMrT4jQ03s7/fSAs/aRM699cawT7pMjwfAft4IlEDC89r8O+8fUQsjQs1t04wAWRBRqhIo=;24:L9ALrhkJ+b4wSkPuAdPAbUj39p9w7nlPgDyFq+q8YOjkQ05iJ4bPHYVl5xWKt5sbtusMEEpeDpY953dJxfOoBwsCX1944zxPtmGn33PRS78=;7:rQoV+TZh0YL0sfXpdKEVQ07zpzqFIGav2amWJ7LQ/qofGqh4N/xZryOrRIGyjGPp1EN6OIXdYutNdpv3tyafclkKILkORysN0i3Mq0JTA4IwBFGsJK+TH6RQIeH6SLgYtVZhkf3HF57H+LyqtoXKYJ1rrO3dr37cjEbU6vo2upLqhjVYgV4LIh/o+vf3dCy9lg2uECuE4LX4effyS0rLw71wFVVEMNI007JcnKdjTcPH+TF6ZyLhUNVyWGUVWXkD X-OriginatorOrg: shapeblue.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Nov 2017 07:37:54.0415 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d1701e77-0e62-4c54-1b57-08d530b2c6db X-MS-Exchange-CrossTenant-Id: fc8906f6-e50e-4dad-98a0-ec2e3abe14f5 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=fc8906f6-e50e-4dad-98a0-ec2e3abe14f5;Ip=[104.40.179.195];Helo=[smtpworker-in-14.xware-eu-1.o365.crossware.co.nz] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0702MB3593 archived-at: Tue, 21 Nov 2017 07:38:11 -0000 --_000_VI1PR0701MB29448E42EB2DA87E4A1E2EF6E9230VI1PR0701MB2944_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable All, Thanks to everyone who've reviewed the FS so far - Wido, Rafael, Marc-Aur= =E8le. I'll summarize additional information on this feature: - CloudStack's addHost API calls cloudstack-setup-agent on KVM hosts that a= lready do inject configuration in libvirtd.conf file. - The crux of this feature is to use the new CA framework's provisioned cer= tificates for libvirtd+tls setup based on a global setting (cluster scope) = and enable secure live VM migration across KVM hosts wherever applicable. L= ibvirtd tls setup in the conf file can be done by the existing cloudstack-s= etup-agent script infra. - This feature will only use the qemu+tls:// scheme when both source and de= stination hosts have their libvirtd tls enabled. Regards. ________________________________ From: Rohit Yadav Sent: Tuesday, November 21, 2017 11:39:34 AM To: dev@cloudstack.apache.org Subject: Re: [FS] Request for comments: Secure VM Live Migration for KVM Hi Marc, Thanks for your comments, I'll reply to them on the cwiki page. Briefly - CloudStack does support live VM migration already and presently o= n adding a KVM host using CloudStack 's addHost runs cloudstack-setup-agent= and configures libvirtd by adding suitable options to enable libvirtd on t= cp. I'll have another look at your PR too. Regards. Get Outlook for Android ________________________________ From: Marc-Aur=E8le Brothier - Exoscale Sent: Friday, November 17, 2017 8:06:55 PM To: dev@cloudstack.apache.org Subject: Re: [FS] Request for comments: Secure VM Live Migration for KVM Working, thanks! rohit.yadav@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue rohit.yadav@shapeblue.com=A0 www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue =20 =20 On Fri, 2017-11-17 at 11:27 -0200, Rafael Weing=E4rtner wrote: > Marc I added permission to you; can you test if you can make comments > now? > > On Fri, Nov 17, 2017 at 11:20 AM, Marc-Aur=E8le Brothier - Exoscale < > marco@exoscale.ch> wrote: > > > I'm not able to post comments on the wiki even when logged in so I > > post > > to the mailing list. I guess I'm not in any special wiki group to > > edit > > CS pages. > > > > Good news you made the live migration working (right?) on master. > > Is it > > really something we want to control under CS on the agent > > installation > > all this libvirt TLS setup? Maybe the installation could write > > libvirtd > > configuration file for TLS and non-TLS setup in CS and/or libvirt > > /etc > > directory but without overriding the normal one. I have to admit > > I'm > > not familiar with how things are usually done in CS for external > > components. > > > > You can also add to cloudstack configuration the libvirt flags used > > for > > the live migration, which should be customizable in some way. On my > > PR > > it's in agent.properties, but it could be sent along with the > > migration > > command. > > > > I would welcome if you could setup a wiki page that I could edit on > > the > > KVM live migration so I could add my remark on my experience and > > things > > to config/consider. > > > > On your question: +1 on having the configuration value for TLS or > > plain > > tcp. > > > > Marc-Aur=E8le > > > > On Thu, 2017-11-16 at 10:32 +0000, Rohit Yadav wrote: > > > All, > > > > > > > > > Kindly review and share your thoughts and comments for a new > > > feature > > > - Secure VM live migration for KVM, this feature builds on top of > > > the > > > previous feature that brought in a new CA framework [1] for > > > CloudStack. > > > > > > > > > Here is a rough first draft for your review: > > > > > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+KVM > > > +VM+ > > > Live+Migration > > > > > > > > > [1] https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure > > > +Age > > > nt+Communications > > > > > > > > > Regards. > > > > > > rohit.yadav@shapeblue.com > > > www.shapeblue.com > > > 53 Chandos Place, Covent Garden, London WC2N 4HSUK > > > @shapeblue > > > > > > > > > > > > --_000_VI1PR0701MB29448E42EB2DA87E4A1E2EF6E9230VI1PR0701MB2944_--