Open Stack

On Mon, Jan 04, 2016 at 09:12:06PM +0000, Mark McLoughlin wrote:
> Hi
> 
> commit 8ecf93e[1] got me thinking - the live_migration_flag config
> option unnecessarily allows operators choose arbitrary behavior of the
> migrateToURI() libvirt call, to the extent that we allow the operator
> to configure a behavior that can result in data loss[1].
> 
> I see that danpb recently said something similar:
> 
>   https://review.openstack.org/171098
> 
>   "Honestly, I wish we'd just kill off  'live_migration_flag' and
>   'block_migration_flag' as config options. We really should not be
>   exposing low level libvirt API flags as admin tunable settings.
> 
>   Nova should really be in charge of picking the correct set of flags
>   for the current libvirt version, and the operation it needs to
>   perform. We might need to add other more sensible config options in
>   their place [..]"

Nova should really handle internal flags and this serie is running in
the right way.

> ...

>   4) Add a new config option for tunneled versus native:
> 
>        [libvirt]
>        live_migration_tunneled = true
> 
>      This enables the use of the VIR_MIGRATE_TUNNELLED flag. We have 
>      historically defaulted to tunneled mode because it requires the 
>      least configuration and is currently the only way to have a 
>      secure migration channel.
> 
>      danpb's quote above continues with:
> 
>        "perhaps a "live_migration_secure_channel" to indicate that 
>         migration must use encryption, which would imply use of 
>         TUNNELLED flag"
> 
>      So we need to discuss whether the config option should express the
>      choice of tunneled vs native, or whether it should express another
>      choice which implies tunneled vs native.
> 
>        https://review.openstack.org/263434

We probably have to consider that operator does not know much about
internal libvirt flags, so options we are exposing for him should
reflect benefice of using them. I commented on your review we should
at least explain benefice of using this option whatever the name is.

>   5) Add a new config option for additional migration flags:
> 
>        [libvirt]
>        live_migration_extra_flags = VIR_MIGRATE_COMPRESSED
> 
>      This allows operators to continue to experiment with libvirt behaviors
>      in safe ways without each use case having to be accounted for.
> 
>        https://review.openstack.org/263435
> 
>      We would disallow setting the following flags via this option:
> 
>        VIR_MIGRATE_LIVE
>        VIR_MIGRATE_PEER2PEER
>        VIR_MIGRATE_TUNNELLED
>        VIR_MIGRATE_PERSIST_DEST
>        VIR_MIGRATE_UNDEFINE_SOURCE
>        VIR_MIGRATE_NON_SHARED_INC
>        VIR_MIGRATE_NON_SHARED_DISK
> 
>     which would allow the following currently available flags to be set:

>        VIR_MIGRATE_PAUSED
>        VIR_MIGRATE_CHANGE_PROTECTION
>        VIR_MIGRATE_UNSAFE
>        VIR_MIGRATE_OFFLINE
>        VIR_MIGRATE_COMPRESSED
>        VIR_MIGRATE_ABORT_ON_ERROR
>        VIR_MIGRATE_AUTO_CONVERGE
>        VIR_MIGRATE_RDMA_PIN_ALL

We can probably consider to provide VIR_MIGRATE_PAUSED and
VIR_MIGRATE_COMPRESSED as dedicated options too ?