Re: Suggestion for merging xl save/restore/migrate/migrate-receive

All of lore.kernel.org
 help / color / mirror / Atom feed

From: George Dunlap <george.dunlap@eu.citrix.com>
To: Zhigang Wang <zhigang.x.wang@oracle.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>,
	xen-devel <xen-devel@lists.xen.org>
Subject: Re: Suggestion for merging xl save/restore/migrate/migrate-receive
Date: Mon, 16 Sep 2013 17:05:20 +0100	[thread overview]
Message-ID: <52372C40.1090704@eu.citrix.com> (raw)
In-Reply-To: <5237291C.9090100@oracle.com>

On 16/09/13 16:51, Zhigang Wang wrote:
> On 09/16/2013 06:04 AM, George Dunlap wrote:
>> On Fri, Sep 13, 2013 at 5:04 PM, Zhigang Wang <zhigang.x.wang@oracle.com> wrote:
>>> Hi,
>>>
>>> As we talked in
>>> http://lists.xen.org/archives/html/xen-devel/2013-09/msg00211.html , I have a
>>> suggestion: what about merging xl save/restore/migrate/migrate-receive?
>>>
>>> Here is the description: xl-migrate.rst
>> Thanks for bringing this up, but this thing with attaching files that
>> actually contain your proposal isn't really going to work.  Can you
>> please resend this with your proposals in-line, so that 1) the entire
>> discussion can happen in the mail reader, rather than having to switch
>> back and forth between an editor and a reader, 2) people can comment
>> in-line on the proposals?
>>
>> Thanks,
>>   -George
>>
> Thanks George for the comment. Here it is:

Thanks.

> * Merge `xl migrate/migrate-receive` to `xl save/restore`:
>
>    - To save a VM::
>
>        # xl save [-c] <domain> -f vm.chk
>
>      Or::
>
>        # xl save [-c] <domain> >vm.chk
>
>    - To restore a VM::
>
>        # xl restore -f vm.chk
>
>      Or::
>
>        # cat vm.chk | xl restore
>
>    - To migrate a VM using ssh/sshd::
>
>        # xl save -c <domain> | ssh root@<remote-host> xl restore

I don't necessarily mind *adding* an interface like this, if it can be 
made to work, but I definitely don't think that we should be replacing 
"xl migrate" with this interface; this is too techy, and not really at 
all like the rest of the xl interface.

But what I think would be better is to implement the two other 
transports you mention -- ssl and no encryption.

>
>      We can implement a wrapper to make `xl migrate <domain> <remote-host>` to
>      call the above command.
>
>    - To migrate a VM using dedicated migrate receive daemon::
>
>        # xl save -c <domain> | socat - TCP:<remote-host>:8004"
>
>      Or with SSL::
>
>        # xl save -c <domain> | socat - OPENSSL:<remote-host>:8005,verify=0
>
>    - Localhost migration::
>
>        # xl save <domain> | xl restrore
>
>    - Localhost live migration::
>
>        # xl save -c <domain> | xl restrore
>
>    Patch: I don't have the capability and time to implement it yet.
>
>
> ---- xl-migrate-socat.rst ----
>
> ==========
> XL Migrate
> ==========
>
> :Date: 2013-09-16
>
> Current Status
> ==============
>
> * xl migrate leverages ssh/sshd::
>
>        xl migrate <domain> <host>
>
> * In order to migrate a VM without user interactive, we have to configure ssh
>    keys for all Servers in a pool. Key management with dynamic Server Pools is
>    error prone.
> * In certain cases, customers need non-ssl migrate, which greatly improves the
>    migration speed. There's no way to do it with ssh.

Just to make sure I understand correctly then: you're throwing 
authentication out the window, assuming that the host network is 
entirely trusted -- even when using ssl?

  -George

next prev parent reply	other threads:[~2013-09-16 16:05 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-09-13 16:04 Suggestion for merging xl save/restore/migrate/migrate-receive Zhigang Wang
2013-09-16 10:04 ` George Dunlap
2013-09-16 15:51   ` Zhigang Wang
2013-09-16 16:05     ` George Dunlap [this message]
2013-09-16 16:07       ` George Dunlap
2013-09-16 16:20     ` Ian Jackson
2013-09-16 16:40       ` George Dunlap
2013-09-16 17:06         ` Ian Jackson
2013-09-16 17:21         ` Zhigang Wang
2013-09-16 17:41       ` Zhigang Wang
2013-09-16 20:42         ` Ian Campbell
2013-09-16 20:51           ` Zhigang Wang
2013-09-17  8:25         ` George Dunlap
2013-09-17  9:26           ` Ian Jackson
2013-09-17 10:07             ` George Dunlap
2013-09-17 13:44             ` Zhigang Wang
2013-09-24 16:46           ` Konrad Rzeszutek Wilk
2013-09-25 10:06             ` George Dunlap
2013-10-03  2:19               ` Matt Wilson
2013-10-03 13:34                 ` Zhigang Wang
2013-09-17 10:28     ` George Dunlap
2013-09-17 10:45       ` Processed: " xen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=52372C40.1090704@eu.citrix.com \
    --to=george.dunlap@eu.citrix.com \
    --cc=ian.jackson@eu.citrix.com \
    --cc=xen-devel@lists.xen.org \
    --cc=zhigang.x.wang@oracle.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.