From efd1a1d6407f73565cf3b4089a2baa4bad0650f8 Mon Sep 17 00:00:00 2001 From: Juan Quintela Date: Wed, 20 Feb 2019 12:06:03 +0100 Subject: multifd: Drop x-multifd-page-count parameter Libvirt don't want to expose (and explain it). From now on we measure the number of packages in bytes instead of pages, so it is the same independently of architecture. We choose the page size of x86. Notice that in the following patch we make this variable. Signed-off-by: Juan Quintela Reviewed-by: Dr. David Alan Gilbert Reviewed-by: Markus Armbruster Signed-off-by: Juan Quintela --- qapi/migration.json | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) (limited to 'qapi') diff --git a/qapi/migration.json b/qapi/migration.json index 5684733754..7cd03596ae 100644 --- a/qapi/migration.json +++ b/qapi/migration.json @@ -562,9 +562,6 @@ # number of sockets used for migration. The # default value is 2 (since 2.11) # -# @x-multifd-page-count: Number of pages sent together to a thread. -# The default value is 16 (since 2.11) -# # @xbzrle-cache-size: cache size to be used by XBZRLE migration. It # needs to be a multiple of the target page size # and a power of 2 @@ -587,7 +584,7 @@ 'cpu-throttle-initial', 'cpu-throttle-increment', 'tls-creds', 'tls-hostname', 'max-bandwidth', 'downtime-limit', 'x-checkpoint-delay', 'block-incremental', - 'x-multifd-channels', 'x-multifd-page-count', + 'x-multifd-channels', 'xbzrle-cache-size', 'max-postcopy-bandwidth', 'max-cpu-throttle' ] } @@ -667,9 +664,6 @@ # number of sockets used for migration. The # default value is 2 (since 2.11) # -# @x-multifd-page-count: Number of pages sent together to a thread. -# The default value is 16 (since 2.11) -# # @xbzrle-cache-size: cache size to be used by XBZRLE migration. It # needs to be a multiple of the target page size # and a power of 2 @@ -704,7 +698,6 @@ '*x-checkpoint-delay': 'int', '*block-incremental': 'bool', '*x-multifd-channels': 'int', - '*x-multifd-page-count': 'int', '*xbzrle-cache-size': 'size', '*max-postcopy-bandwidth': 'size', '*max-cpu-throttle': 'int' } } @@ -800,9 +793,6 @@ # number of sockets used for migration. # The default value is 2 (since 2.11) # -# @x-multifd-page-count: Number of pages sent together to a thread. -# The default value is 16 (since 2.11) -# # @xbzrle-cache-size: cache size to be used by XBZRLE migration. It # needs to be a multiple of the target page size # and a power of 2 @@ -836,7 +826,6 @@ '*x-checkpoint-delay': 'uint32', '*block-incremental': 'bool' , '*x-multifd-channels': 'uint8', - '*x-multifd-page-count': 'uint32', '*xbzrle-cache-size': 'size', '*max-postcopy-bandwidth': 'size', '*max-cpu-throttle':'uint8'} } -- cgit v1.2.3 From cbfd6c957a4437d4759ca660e621daa381bf2898 Mon Sep 17 00:00:00 2001 From: Juan Quintela Date: Wed, 6 Feb 2019 13:54:06 +0100 Subject: multifd: Drop x- We make it supported from now on. Reviewed-by: Dr. David Alan Gilbert Reviewed-by: Markus Armbruster Signed-off-by: Juan Quintela --- qapi/migration.json | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) (limited to 'qapi') diff --git a/qapi/migration.json b/qapi/migration.json index 7cd03596ae..ff3616f4c2 100644 --- a/qapi/migration.json +++ b/qapi/migration.json @@ -401,7 +401,7 @@ # @pause-before-switchover: Pause outgoing migration before serialising device # state and before disabling block IO (since 2.11) # -# @x-multifd: Use more than one fd for migration (since 2.11) +# @multifd: Use more than one fd for migration (since 4.0) # # @dirty-bitmaps: If enabled, QEMU will migrate named dirty bitmaps. # (since 2.12) @@ -420,7 +420,7 @@ { 'enum': 'MigrationCapability', 'data': ['xbzrle', 'rdma-pin-all', 'auto-converge', 'zero-blocks', 'compress', 'events', 'postcopy-ram', 'x-colo', 'release-ram', - 'block', 'return-path', 'pause-before-switchover', 'x-multifd', + 'block', 'return-path', 'pause-before-switchover', 'multifd', 'dirty-bitmaps', 'postcopy-blocktime', 'late-block-activate', 'x-ignore-shared' ] } @@ -557,10 +557,10 @@ # migrated and the destination must already have access to the # same backing chain as was used on the source. (since 2.10) # -# @x-multifd-channels: Number of channels used to migrate data in -# parallel. This is the same number that the -# number of sockets used for migration. The -# default value is 2 (since 2.11) +# @multifd-channels: Number of channels used to migrate data in +# parallel. This is the same number that the +# number of sockets used for migration. The +# default value is 2 (since 4.0) # # @xbzrle-cache-size: cache size to be used by XBZRLE migration. It # needs to be a multiple of the target page size @@ -584,7 +584,7 @@ 'cpu-throttle-initial', 'cpu-throttle-increment', 'tls-creds', 'tls-hostname', 'max-bandwidth', 'downtime-limit', 'x-checkpoint-delay', 'block-incremental', - 'x-multifd-channels', + 'multifd-channels', 'xbzrle-cache-size', 'max-postcopy-bandwidth', 'max-cpu-throttle' ] } @@ -659,10 +659,10 @@ # migrated and the destination must already have access to the # same backing chain as was used on the source. (since 2.10) # -# @x-multifd-channels: Number of channels used to migrate data in -# parallel. This is the same number that the -# number of sockets used for migration. The -# default value is 2 (since 2.11) +# @multifd-channels: Number of channels used to migrate data in +# parallel. This is the same number that the +# number of sockets used for migration. The +# default value is 2 (since 4.0) # # @xbzrle-cache-size: cache size to be used by XBZRLE migration. It # needs to be a multiple of the target page size @@ -697,7 +697,7 @@ '*downtime-limit': 'int', '*x-checkpoint-delay': 'int', '*block-incremental': 'bool', - '*x-multifd-channels': 'int', + '*multifd-channels': 'int', '*xbzrle-cache-size': 'size', '*max-postcopy-bandwidth': 'size', '*max-cpu-throttle': 'int' } } @@ -788,10 +788,10 @@ # migrated and the destination must already have access to the # same backing chain as was used on the source. (since 2.10) # -# @x-multifd-channels: Number of channels used to migrate data in -# parallel. This is the same number that the -# number of sockets used for migration. -# The default value is 2 (since 2.11) +# @multifd-channels: Number of channels used to migrate data in +# parallel. This is the same number that the +# number of sockets used for migration. +# The default value is 2 (since 4.0) # # @xbzrle-cache-size: cache size to be used by XBZRLE migration. It # needs to be a multiple of the target page size @@ -825,7 +825,7 @@ '*downtime-limit': 'uint64', '*x-checkpoint-delay': 'uint32', '*block-incremental': 'bool' , - '*x-multifd-channels': 'uint8', + '*multifd-channels': 'uint8', '*xbzrle-cache-size': 'size', '*max-postcopy-bandwidth': 'size', '*max-cpu-throttle':'uint8'} } -- cgit v1.2.3 From d2f1d29b95aa45d13262b39153ff501ed6b1ac95 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Wed, 27 Feb 2019 14:53:24 +0000 Subject: migration: add support for a "tls-authz" migration parameter The QEMU instance that runs as the server for the migration data transport (ie the target QEMU) needs to be able to configure access control so it can prevent unauthorized clients initiating an incoming migration. This adds a new 'tls-authz' migration parameter that is used to provide the QOM ID of a QAuthZ subclass instance that provides the access control check. This is checked against the x509 certificate obtained during the TLS handshake. For example, when starting a QEMU for incoming migration, it is possible to give an example identity of the source QEMU that is intended to be connecting later: $QEMU \ -monitor stdio \ -incoming defer \ ...other args... (qemu) object_add tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\ endpoint=server,verify-peer=yes \ (qemu) object_add authz-simple,id=auth0,identity=CN=laptop.example.com,,\ O=Example Org,,L=London,,ST=London,,C=GB \ (qemu) migrate_incoming tcp:localhost:9000 Reviewed-by: Juan Quintela Signed-off-by: Daniel P. Berrange Signed-off-by: Juan Quintela --- qapi/migration.json | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'qapi') diff --git a/qapi/migration.json b/qapi/migration.json index ff3616f4c2..0a85aadd15 100644 --- a/qapi/migration.json +++ b/qapi/migration.json @@ -541,6 +541,12 @@ # hostname must be provided so that the server's x509 # certificate identity can be validated. (Since 2.7) # +# @tls-authz: ID of the 'authz' object subclass that provides access control +# checking of the TLS x509 certificate distinguished name. +# This object is only resolved at time of use, so can be deleted +# and recreated on the fly while the migration server is active. +# If missing, it will default to denying access (Since 4.0) +# # @max-bandwidth: to set maximum speed for migration. maximum speed in # bytes per second. (Since 2.8) # @@ -582,7 +588,7 @@ 'compress-level', 'compress-threads', 'decompress-threads', 'compress-wait-thread', 'cpu-throttle-initial', 'cpu-throttle-increment', - 'tls-creds', 'tls-hostname', 'max-bandwidth', + 'tls-creds', 'tls-hostname', 'tls-authz', 'max-bandwidth', 'downtime-limit', 'x-checkpoint-delay', 'block-incremental', 'multifd-channels', 'xbzrle-cache-size', 'max-postcopy-bandwidth', @@ -693,6 +699,7 @@ '*cpu-throttle-increment': 'int', '*tls-creds': 'StrOrNull', '*tls-hostname': 'StrOrNull', + '*tls-authz': 'StrOrNull', '*max-bandwidth': 'int', '*downtime-limit': 'int', '*x-checkpoint-delay': 'int', @@ -773,6 +780,10 @@ # associated with the migration URI, if any. (Since 2.9) # Note: 2.8 reports this by omitting tls-hostname instead. # +# @tls-authz: ID of the 'authz' object subclass that provides access control +# checking of the TLS x509 certificate distinguished name. (Since +# 4.0) +# # @max-bandwidth: to set maximum speed for migration. maximum speed in # bytes per second. (Since 2.8) # @@ -821,6 +832,7 @@ '*cpu-throttle-increment': 'uint8', '*tls-creds': 'str', '*tls-hostname': 'str', + '*tls-authz': 'str', '*max-bandwidth': 'size', '*downtime-limit': 'uint64', '*x-checkpoint-delay': 'uint32', -- cgit v1.2.3 From 3a43ac4757b70dfc2964c12ca1ac82f61128cc04 Mon Sep 17 00:00:00 2001 From: Zhang Chen Date: Fri, 22 Mar 2019 18:13:31 +0800 Subject: Migration/colo.c: Add new COLOExitReason to handle all failover state In this patch we add the processing state for COLOExitReason, because we have to identify COLO in the failover processing state or failover error state. In the way, we can handle all the failover state. We have improved the description of the COLOExitReason by the way. Signed-off-by: Zhang Chen Reviewed-by: Dr. David Alan Gilbert Reviewed-by: Juan Quintela Signed-off-by: Juan Quintela --- qapi/migration.json | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'qapi') diff --git a/qapi/migration.json b/qapi/migration.json index 0a85aadd15..e383951765 100644 --- a/qapi/migration.json +++ b/qapi/migration.json @@ -1038,19 +1038,22 @@ ## # @COLOExitReason: # -# The reason for a COLO exit +# The reason for a COLO exit. # -# @none: no failover has ever happened. This can't occur in the -# COLO_EXIT event, only in the result of query-colo-status. +# @none: failover has never happened. This state does not occur +# in the COLO_EXIT event, and is only visible in the result of +# query-colo-status. # -# @request: COLO exit is due to an external request +# @request: COLO exit is due to an external request. # -# @error: COLO exit is due to an internal error +# @error: COLO exit is due to an internal error. +# +# @processing: COLO is currently handling a failover (since 4.0). # # Since: 3.1 ## { 'enum': 'COLOExitReason', - 'data': [ 'none', 'request', 'error' ] } + 'data': [ 'none', 'request', 'error' , 'processing' ] } ## # @x-colo-lost-heartbeat: -- cgit v1.2.3 From 5ed0deca41b201a66d858d7296fe6b780d757404 Mon Sep 17 00:00:00 2001 From: Zhang Chen Date: Fri, 22 Mar 2019 18:13:33 +0800 Subject: Migration/colo.c: Make user obtain the last COLO mode info after failover Add the last_colo_mode to save the status after failover. This patch can solve the issue that user want to get last colo mode use query_colo_status after failover. Signed-off-by: Zhang Chen Reviewed-by: Juan Quintela Signed-off-by: Juan Quintela --- qapi/migration.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'qapi') diff --git a/qapi/migration.json b/qapi/migration.json index e383951765..cfde29acf8 100644 --- a/qapi/migration.json +++ b/qapi/migration.json @@ -1380,12 +1380,17 @@ # @mode: COLO running mode. If COLO is running, this field will return # 'primary' or 'secondary'. # +# @last_mode: COLO last running mode. If COLO is running, this field +# will return same like mode field, after failover we can +# use this field to get last colo mode. (since 4.1) +# # @reason: describes the reason for the COLO exit. # # Since: 3.1 ## { 'struct': 'COLOStatus', - 'data': { 'mode': 'COLOMode', 'reason': 'COLOExitReason' } } + 'data': { 'mode': 'COLOMode', 'last_mode': 'COLOMode', + 'reason': 'COLOExitReason' } } ## # @query-colo-status: -- cgit v1.2.3