From f51cbe92c0d84e29ea1f158ad544a4d69ec1cee3 Mon Sep 17 00:00:00 2001
From: Martin Kletzander
Date: Wed, 2 Sep 2020 12:06:12 +0200
Subject: [PATCH] qemu: Allow migration over UNIX socket
This allows:
a) migration without access to network
b) complete control of the migration stream
c) easy migration between containerised libvirt daemons on the same host
Resolves: https://bugzilla.redhat.com/1638889
Signed-off-by: Martin Kletzander
---
docs/manpages/virsh.rst | 13 ++-
docs/migration.html.in | 33 +++++++
src/qemu/qemu_driver.c | 22 ++++-
src/qemu/qemu_migration.c | 145 ++++++++++++++++++++++---------
src/qemu/qemu_migration_params.c | 9 ++
src/qemu/qemu_migration_params.h | 3 +
src/qemu/qemu_monitor.c | 15 ++++
src/qemu/qemu_monitor.h | 4 +
8 files changed, 201 insertions(+), 43 deletions(-)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index a0d6c3fadd..ca5acf84ca 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -3270,6 +3270,14 @@ There are a few scenarios where specifying *migrateuri* may help:
might be specified to choose a specific port number outside the default range in
order to comply with local firewall policies.
+* The *desturi* uses UNIX transport method. In this advanced case libvirt
+ should not guess a *migrateuri* and it should be specified using
+ UNIX socket path URI:
+
+.. code-block::
+
+ unix:///path/to/socket
+
See `https://libvirt.org/migration.html#uris `_ for more details on
migration URIs.
@@ -3296,8 +3304,9 @@ specific parameters separated by '&'. Currently recognized parameters are
Optional *listen-address* sets the listen address that hypervisor on the
destination side should bind to for incoming migration. Both IPv4 and IPv6
addresses are accepted as well as hostnames (the resolving is done on
-destination). Some hypervisors do not support this feature and will return an
-error if this parameter is used.
+destination). Some hypervisors do not support specifying the listen address and
+will return an error if this parameter is used. This parameter cannot be used if
+*desturi* uses UNIX transport method.
Optional *disks-port* sets the port that hypervisor on destination side should
bind to for incoming disks traffic. Currently it is supported only by QEMU.
diff --git a/docs/migration.html.in b/docs/migration.html.in
index e95ee9de6f..162c202227 100644
--- a/docs/migration.html.in
+++ b/docs/migration.html.in
@@ -201,6 +201,9 @@
numbers. In the latter case the management application may wish
to choose a specific port number outside the default range in order
to comply with local firewall policies.
+ The second URI uses UNIX transport method. In this advanced case
+ libvirt should not guess a *migrateuri* and it should be specified using
+ UNIX socket path URI: unix:///path/to/socket
.
@@ -628,5 +631,35 @@ virsh migrate --p2p --tunnelled web1 qemu+ssh://desthost/system qemu+ssh://10.0.
Supported by QEMU driver
+
+
+
+
+ In niche scenarios where libvirt daemon does not have access to the
+ network (e.g. running in a restricted container on a host that has
+ accessible network), when a management application wants to have complete
+ control over the transfer or when migrating between two containers on the
+ same host all the communication can be done using UNIX sockets. This
+ includes connecting to non-standard socket path for the destination
+ daemon, using UNIX sockets for hypervisor's communication or for the NBD
+ data transfer. All of that can be used with both peer2peer and direct
+ migration options.
+
+
+
+ Example using /tmp/migdir
as a directory representing the
+ same path visible from both libvirt daemons. That can be achieved by
+ bind-mounting the same directory to different containers running separate
+ daemons or forwarding connections to these sockets manually
+ (using socat
, netcat
or a custom piece of
+ software):
+
+virsh migrate web1 [--p2p] --copy-storage-all 'qemu+unix:///system?socket=/tmp/migdir/test-sock-driver' 'unix:///tmp/migdir/test-sock-qemu' --disks-uri unix:///tmp/migdir/test-sock-nbd
+
+
+
+ Supported by QEMU driver
+
+