mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-06 21:15:22 +00:00
docs: mention migration issue of which credentials are used
Based on a report by Seth Vidal. Just because _you_ can use virsh
to connect to both source and destinations does not mean that libvirtd
on the source (aka _root_) can likewise connect to the destination;
this matters when setting up a peer-to-peer migration instead of a
native one.
* docs/migration.html.in: Mention that in peer-to-peer, the owner
of the source libvirtd (usually root) must be able to connect to
the destination.
(cherry picked from commit 38bd605b71
)
This commit is contained in:
parent
df4b23c9de
commit
d1186c589f
@ -87,7 +87,13 @@
|
|||||||
daemon controls the entire migration process itself, by directly
|
daemon controls the entire migration process itself, by directly
|
||||||
connecting the destination host libvirtd. If the client application crashes,
|
connecting the destination host libvirtd. If the client application crashes,
|
||||||
or otherwise loses its connection to libvirtd, the migration process
|
or otherwise loses its connection to libvirtd, the migration process
|
||||||
will continue uninterrupted until completion.
|
will continue uninterrupted until completion. Note that the
|
||||||
|
source libvirtd uses its own credentials (typically root) to
|
||||||
|
connect to the destination, rather than the credentials used
|
||||||
|
by the client to connect to the source; if these differ, it is
|
||||||
|
common to run into a situation where a client can connect to the
|
||||||
|
destination directly but the source cannot make the connection to
|
||||||
|
set up the peer-to-peer migration.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
@ -139,7 +145,9 @@
|
|||||||
connection to the source host, where the virtual guest is
|
connection to the source host, where the virtual guest is
|
||||||
currently running. The second URI is that of the libvirt
|
currently running. The second URI is that of the libvirt
|
||||||
connection to the destination host, where the virtual guest
|
connection to the destination host, where the virtual guest
|
||||||
will be moved to. The third URI is a hypervisor specific
|
will be moved to (and in peer-to-peer migrations, this is from
|
||||||
|
the perspective of the source, not the client). The third URI is
|
||||||
|
a hypervisor specific
|
||||||
URI used to control how the guest will be migrated. With
|
URI used to control how the guest will be migrated. With
|
||||||
any managed migration flow, the first and second URIs are
|
any managed migration flow, the first and second URIs are
|
||||||
compulsory, while the third URI is optional. With the
|
compulsory, while the third URI is optional. With the
|
||||||
@ -533,7 +541,10 @@
|
|||||||
destination libvirtd server will automatically determine
|
destination libvirtd server will automatically determine
|
||||||
the native hypervisor URI for migration, based off the
|
the native hypervisor URI for migration, based off the
|
||||||
primary hostname. There is no scope for forcing an alternative
|
primary hostname. There is no scope for forcing an alternative
|
||||||
network interface for the native migration data with this method.
|
network interface for the native migration data with this
|
||||||
|
method. The destination URI must be reachable using the source
|
||||||
|
libvirtd credentials (which are not necessarily the same as the
|
||||||
|
credentials of the client in connecting to the source).
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<pre>
|
<pre>
|
||||||
@ -571,7 +582,10 @@
|
|||||||
in case it is not accessible using the same address that
|
in case it is not accessible using the same address that
|
||||||
the client uses to connect to the destination, or a different
|
the client uses to connect to the destination, or a different
|
||||||
encryption/auth scheme is required. The native hypervisor URI
|
encryption/auth scheme is required. The native hypervisor URI
|
||||||
format is not used at all.
|
format is not used at all. The destination URI must be
|
||||||
|
reachable using the source libvirtd credentials (which are not
|
||||||
|
necessarily the same as the credentials of the client in
|
||||||
|
connecting to the source).
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<pre>
|
<pre>
|
||||||
|
Loading…
Reference in New Issue
Block a user