Feature #595
Support locally initiated migration
| Status: | Closed | Start date: | 04/27/2011 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | Javi Fontan | % Done: | 0% |
| Category: | Core & System | | |
| Target version: | Release 3.0 | | |
| Resolution: | fixed | Pull request: | |
Description
The security model we have adopted for our environment does not permit ssh connectivity between the hosts in our VM cluster. All operations are initiated from the OpenNebula server. The idea here is that a compromise on one host does not lead to a compromise of the entire cluster.
This model works fine with the stock libvirt tools. For example:
virsh -c qemu+ssh://host0/system migrate --live guest0 qemu+ssh://host1/system
This will contact host0 over ssh and host1 over ssh, which will then talk to each other over a TCP channel selected by KVM.
This doesn't work with OpenNebula out of the box, because the "migrate" action is unilaterally initiated on the source host (host0 in the above example), which will then try to contact host1 over ssh. The attached patch introduces the "--local" (-L) option to one_vmm_ssh.rb, which accepts a comma-delimited list of actions that should be initiated on the OpenNebula server via local_action() rather than on a remote system via remotes_action(). This logic is currently implemented for the 'poll' and 'migrate' actions.
The patch does not modify the default behavior of OpenNebula.
The patch also introduces the "migrate_local" command to handle the local migrate action.
These changes are against "release-2.2" in the git tree.
With this patch in place, our VMM_MAD definition in oned.conf looks like this:
VM_MAD = [
name = "vmm_kvm",
executable = "one_vmm_ssh",
arguments = "-t 15 -r 0 -L migrate kvm",
default = "vmm_ssh/vmm_ssh_kvm.conf",
type = "kvm" ]
And the hosts only accept ssh connections originating from the OpenNebula server.
Associated revisions
feature #595: vmm changes to support local exec
Added support code to driver libraries so they support both local and remote script execution. one_vmm_ssh driver was modified to test these changes.
feature #595: changed comments and formatting
feature #595: refactored code to eliminate duplicate functionality
feature #595: changed comments and formatting
feature #595: do_actions now accepts default script name
feature #595: imm_ssh driver modified to support local and remote
feature #595: scripts always get id and host as parameters
feature #595: moved read_configuration to OpenNebulaDriver
feature #595: changed initializers to use options hash
feature #595: added documentation
feature #595: added tests to OpenNebulaDriver
feature #595: remove whitespace
feature #595: changed one_vmm_ssh to one_vmm_exec, sh driver is deleted
feature #595: added one_vmm_sh wrapper
feature #595: changed one_vmm_ssh to _exec in oned.conf
feature #595: tests for OpenNebulaDriver#remotes_action
feature #595: tests for OpenNebulaDriver local_action and log
feature #595: changed im_ssh to im_exec
feature #595: bug in im_ssh
feature #595: changed tm to use new libraries
feature #595: changed ec2 driver to use new libraries
feature #595: added one_vmm_ssh wrapper
feature #595: bug in tm driver
feature #595: cleanup comments
feature #595: change image driver to use new mad libraries
feature #595: changed ec2 driver to use new mad libraries
feature #595: cleanup comments and code
feature #595: changed auth driver to use new driver libraries
feature #595: changed hook manager to use the new driver library
feature #595: changed vmm_dummy to use the new driver library
feature #595: changed im_dummy to use the new driver library
feature #595: comments and code formatting
feature #595: im driver -l option does not get parameters
feature #595: added im sh and ssh wrappers
feature #595: removed im_sh driver
feature #595: im_ec2 does not have a remotes dir
feature #595: now remotes copy is retried
feature #595: added migrate_local action to kvm
feature #595: bug in migrate_local script
feature #595: added kvm migrate_local to install.sh
feature #595: changed tests as the code now is different
Old expectations are still in the test commented as I am not really
sure the code or tests are right.
TODO: revise tests and library behavior
History
#1 Updated by Ruben S. Montero about 10 years ago
- Assignee set to Javi Fontan
- Target version changed from Release 2.2 to Release 3.0
OK Thanks for the patch, this is scheduled for the next release.
Thanks again for the contribution :)
#2 Updated by Javi Fontan about 10 years ago
- Status changed from New to Assigned
#3 Updated by Javi Fontan about 10 years ago
Local migration script is added in 867ae0f. The way to specify the local migration is with arguments:
-l migrate=migrate_local
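The two option forms on this page (`-L migrate` from the description and `-l migrate=migrate_local` from comment #3), parsed into an action-to-script map, with the ssh sessions a migration then needs checked against the rule that only the OpenNebula server initiates ssh. This is an added sketch, not OpenNebula's driver code: `parse_local_actions`, `migrate_ssh_hops`, `violates_frontend_only?`, the `frontend` label, the name pattern, and the default of "script name equals action name" are all assumptions.

```ruby
# Added illustration, not OpenNebula driver code; all names are hypothetical.
FRONTEND = 'frontend'             # stands for the OpenNebula server
NAME_RE  = /\A[a-z][a-z0-9_]*\z/  # no '/', '.', spaces or shell metacharacters

# Parse "migrate,poll" or "migrate=migrate_local" into { action => script }.
# Assumption: an action listed without "=script" keeps its own name as script.
# Script names end up in a path executed on the frontend, so anything that is
# not a plain identifier or not a known action is rejected.
def parse_local_actions(spec, known = %w[migrate poll])
  spec.to_s.split(',').each_with_object({}) do |item, map|
    action, script = item.strip.split('=', 2)
    script ||= action
    unless known.include?(action) && script.to_s.match?(NAME_RE)
      raise ArgumentError, "rejected local action spec: #{item.inspect}"
    end
    map[action] = script
  end
end

# SSH sessions a live migration needs, as [from, to] pairs.
def migrate_ssh_hops(local_map, src, dst)
  if local_map.key?('migrate')
    # The script runs on the frontend, which opens both sessions itself.
    [[FRONTEND, src], [FRONTEND, dst]]
  else
    # The script runs on the source host, which must reach the destination.
    [[FRONTEND, src], [src, dst]]
  end
end

# The reporter's rule: every ssh session originates from the OpenNebula server.
def violates_frontend_only?(hops)
  hops.any? { |from, _to| from != FRONTEND }
end
```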
#4 Updated by Javi Fontan about 10 years ago
- Status changed from Assigned to Closed
- Resolution set to fixed