Signed-off-by: Alexandre Derumier <[email protected]>
---
 PVE/API2/Qemu.pm   |   21 +++++++++------------
 PVE/QMPClient.pm   |    3 ++-
 PVE/QemuMigrate.pm |   41 ++++++++++++++++++++++++++++++++++++++++-
 PVE/QemuServer.pm  |   32 +++++++++++++++++++++++++++++---
 4 files changed, 80 insertions(+), 17 deletions(-)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 2c86487..0ec548a 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -1381,18 +1381,8 @@ __PACKAGE__->register_method({
            $proxy = $host;
        }
 
-       # read x509 subject
        my $filename = "/etc/pve/local/pve-ssl.pem";
-       my $bio = Net::SSLeay::BIO_new_file($filename, 'r');
-       my $x509 = Net::SSLeay::PEM_read_bio_X509($bio);
-       Net::SSLeay::BIO_free($bio);
-       my $nameobj =  Net::SSLeay::X509_get_subject_name($x509);
-       my $subject = Net::SSLeay::X509_NAME_oneline($nameobj);
-       Net::SSLeay::X509_free($x509);
-
-       # remote-viewer wants comma as seperator (not '/')
-       $subject =~ s!^/!!;
-       $subject =~ s!/(\w+=)!,$1!g;
+       my $subject = PVE::QemuServer::read_x509_subject_spice($filename);
 
        my $cacert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 
8192);
        $cacert =~ s/\n/\\n/g;
@@ -1515,6 +1505,11 @@ __PACKAGE__->register_method({
            skiplock => get_standard_option('skiplock'),
            stateuri => get_standard_option('pve-qm-stateuri'),
            migratedfrom => get_standard_option('pve-node',{ optional => 1 }),
+           spiceticket => {
+               description => "spiceticket from migration",
+               type => 'string',
+               optional => 1
+           },
            machine => get_standard_option('pve-qm-machine'),
        },
     },
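Review bot: The new `spiceticket` parameter is an unconstrained `type => 'string'` with no restriction on who may pass it, yet `vm_start` later installs the value as the SPICE password through `set_password`. The `stateuri` option handled in the following hunk is limited with `raise_param_exc(... "Only root may use this option.")`. A matching check after the `extract_param` call would keep the parameter migration-only: `raise_param_exc({ spiceticket => "Only root may use this option." }) if $spiceticket && $authuser ne 'root@pam';`. A `maxLength` or `pattern` on the schema entry would also bound what is forwarded to the monitor, once the ticket format is confirmed. The description should say that the value is set internally by migration.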
@@ -1534,6 +1529,8 @@ __PACKAGE__->register_method({
 
        my $machine = extract_param($param, 'machine');
 
+       my $spiceticket = extract_param($param, 'spiceticket');
+
        my $stateuri = extract_param($param, 'stateuri');
        raise_param_exc({ stateuri => "Only root may use this option." })
            if $stateuri && $authuser ne 'root@pam';
@@ -1574,7 +1571,7 @@ __PACKAGE__->register_method({
 
                syslog('info', "start VM $vmid: $upid\n");
 
-               PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, 
$skiplock, $migratedfrom, undef, $machine);
+               PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, 
$skiplock, $migratedfrom, undef, $machine, $spiceticket);
 
                return;
            };
diff --git a/PVE/QMPClient.pm b/PVE/QMPClient.pm
index 4305cd6..dd64796 100755
--- a/PVE/QMPClient.pm
+++ b/PVE/QMPClient.pm
@@ -87,7 +87,8 @@ sub cmd {
                 $cmd->{execute} eq 'backup-cancel' ||
                 $cmd->{execute} eq 'query-savevm' ||
                 $cmd->{execute} eq 'delete-drive-snapshot' ||
-                $cmd->{execute} eq 'snapshot-drive'  ) {
+                $cmd->{execute} eq 'client_migrate_info' ||
+                $cmd->{execute} eq 'snapshot-drive') {
            $timeout = 10*60; # 10 mins ?
        } else {
            $timeout = 3; # default
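Review bot: `client_migrate_info` now shares the ten-minute timeout, and the existing comment `# 10 mins ?` gives no reason for it. The caller in PVE/QemuMigrate.pm wraps the command in `eval` and only logs the error, so an unresponsive monitor could presumably stall phase2 for the full ten minutes before the migration proceeds. A comment stating why this command needs the long timeout, or a shorter dedicated value, would make the trade-off explicit. The `if` condition starts outside the hunk.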
diff --git a/PVE/QemuMigrate.pm b/PVE/QemuMigrate.pm
index dd48f78..7c04d7c 100644
--- a/PVE/QemuMigrate.pm
+++ b/PVE/QemuMigrate.pm
@@ -11,6 +11,7 @@ use PVE::Cluster;
 use PVE::Storage;
 use PVE::QemuServer;
 use Time::HiRes qw( usleep );
+use PVE::RPCEnvironment;
 
 use base qw(PVE::AbstractMigrate);
 
@@ -307,13 +308,18 @@ sub phase2 {
     $self->log('info', "starting VM $vmid on remote node '$self->{node}'");
 
     my $rport;
-
+    my $spice_port;
     my $nodename = PVE::INotify::nodename();
 
     ## start on remote node
     my $cmd = [@{$self->{rem_ssh}}, 'qm', 'start',
                $vmid, '--stateuri', 'tcp', '--skiplock', '--migratedfrom', 
$nodename];
 
+    if($conf->{vga} eq 'qxl'){
+       my $res = PVE::QemuServer::vm_mon_cmd($vmid, 'query-spice');
+       push @$cmd, '--spiceticket', $res->{ticket} if $res->{ticket};
+    }
+
     if ($self->{forcemachine}) {
        push @$cmd, '--machine', $self->{forcemachine};
     }
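Review bot: The SPICE ticket is appended to the `qm start` argument list (`push @$cmd, '--spiceticket', $res->{ticket}`), so the secret shows up in the process arguments of the local ssh and of `qm` on the target node, where process listings and accounting can record it. Handing it over on a channel that is not argv (for example stdin of the remote command) would avoid that. The short `expire_password` window set in `vm_start` limits the exposure but does not remove it. Separately, `$conf->{vga} eq 'qxl'` raises an uninitialized-value warning for VMs without a `vga` setting; `$conf->{vga} && $conf->{vga} eq 'qxl'` avoids it, and the same test recurs in the later phase2 hunks and in `vm_start`. phase2 starts and ends outside this hunk.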
@@ -323,6 +329,8 @@ sub phase2 {
 
        if ($line =~ m/^migration listens on port (\d+)$/) {
            $rport = $1;
+       }elsif ($line =~ m/^spice listens on port (\d+)$/) {
+           $spice_port = $1;
        }
     }, errfunc => sub {
        my $line = shift;
@@ -380,6 +388,24 @@ sub phase2 {
        PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate-set-cache-size", 
value => $cachesize);
     };
 
+    if($conf->{vga} eq 'qxl'){
+       my $rpcenv = PVE::RPCEnvironment::get();
+       my $authuser = $rpcenv->get_user();
+
+       my ($ticket, $proxyticket) = 
PVE::AccessControl::assemble_spice_ticket($authuser, $vmid, $self->{node});
+
+       my $filename = "/etc/pve/nodes/".$self->{node}."/pve-ssl.pem";
+        my $subject = PVE::QemuServer::read_x509_subject_spice($filename);
+
+       $self->log('info', "spice client_migrate_info");
+
+       eval {
+           PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "client_migrate_info", 
protocol => 'spice', hostname => $proxyticket, 'tls-port' => int($spice_port), 
'cert-subject' => $subject);
+       };
+       $self->log('info', "client_migrate_info error: $@") if $@;
+
+    }
+
     eval {
         PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "migrate", uri => 
"tcp:localhost:$lport");
     };
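Review bot: `int($spice_port)` is evaluated even when the remote `qm start` never printed a `spice listens on port` line, in which case `$spice_port` is undef and `'tls-port' => 0` is sent to the client. Guard the block, e.g. `die "unable to detect remote spice port\n" if !$spice_port;`, or skip `client_migrate_info` with a log entry. `$ticket` returned by `assemble_spice_ticket` is never used, and a failed `client_migrate_info` is logged only at 'info' level, so a client that was not redirected is easy to overlook. This patch adds only `use PVE::RPCEnvironment;` to the file, so confirm that `PVE::AccessControl` is already loaded here.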
@@ -418,6 +444,19 @@ sub phase2 {
                    my $mbps = sprintf "%.2f", $conf->{memory}/$delay;
                    my $downtime = $stat->{downtime} || 0;
                    $self->log('info', "migration speed: $mbps MB/s - downtime 
$downtime ms");
+
+                   my $timer = 0;
+                   if($conf->{vga} eq 'qxl'){
+                       $self->log('info', "Waiting for spice server 
migration");
+                       while (1) {
+                           my $res = 
PVE::QemuServer::vm_mon_cmd_nocheck($vmid, 'query-spice');
+                           last if int($res->{'migrated'}) == 1;
+                           last if $timer > 50;
+                           $timer ++;
+                           usleep(200000);
+                       }
+                   }
+
                }
            }
 
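Review bot: The wait loop gives up silently: when `$timer > 50` ends it (roughly ten seconds at 200 ms per pass), nothing records that the SPICE session was not handed over. Log in that branch before leaving, e.g. `if ($timer > 50) { $self->log('info', "spice migration timed out"); last; }`. The `vm_mon_cmd_nocheck($vmid, 'query-spice')` call is not wrapped in `eval`, so a monitor error here, after the memory migration has been reported as finished, would presumably propagate out of phase2. `$res->{'migrated'}` may also be absent, which makes `int()` warn. The enclosing status loop begins and ends outside this hunk.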
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index fc1f9cc..79d5d58 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -2464,7 +2464,7 @@ sub config_to_command {
        
        my $port = PVE::Tools::next_unused_port(61000, 61099);
 
-       push @$cmd, '-spice', 
"tls-port=$port,addr=127.0.0.1,$x509,tls-ciphers=DES-CBC3-SHA";
+       push @$cmd, '-spice', 
"tls-port=$port,addr=127.0.0.1,$x509,tls-ciphers=DES-CBC3-SHA,seamless-migration=on";
 
 
        push @$cmd, '-device', "virtio-serial,id=spice$pciaddr";
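Review bot: The rewritten `-spice` option string still pins `tls-ciphers=DES-CBC3-SHA`, so the connection a client opens to the target during seamless migration is also limited to a single 3DES suite. The setting predates this commit, but since the line is touched here it deserves a comment explaining why the cipher list is restricted, or a follow-up to allow a stronger suite if the supported SPICE clients permit it. config_to_command continues outside the hunk.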
@@ -2598,7 +2598,7 @@ sub vnc_socket {
 sub spice_port {
     my ($vmid) = @_;
 
-    my $res = vm_mon_cmd($vmid, 'query-spice');
+    my $res = vm_mon_cmd_nocheck($vmid, 'query-spice');
 
     return $res->{'tls-port'} || $res->{'port'} || die "no spice port\n";
 }
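Review bot: Switching `spice_port` to `vm_mon_cmd_nocheck` changes the helper for every caller, not only for the incoming-migration path in `vm_start` that needs it. Whatever validation `vm_mon_cmd` performs is now skipped for the other callers as well (their call sites are not visible in this patch). An optional flag would keep the old behaviour as the default: `my ($vmid, $nocheck) = @_;` followed by `my $res = $nocheck ? vm_mon_cmd_nocheck($vmid, 'query-spice') : vm_mon_cmd($vmid, 'query-spice');`.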
@@ -3032,7 +3032,7 @@ sub qga_unfreezefs {
 }
 
 sub vm_start {
-    my ($storecfg, $vmid, $statefile, $skiplock, $migratedfrom, $paused, 
$forcemachine) = @_;
+    my ($storecfg, $vmid, $statefile, $skiplock, $migratedfrom, $paused, 
$forcemachine, $spiceticket) = @_;
 
     lock_config($vmid, sub {
        my $conf = load_config($vmid, $migratedfrom);
@@ -3095,6 +3095,15 @@ sub vm_start {
            $capabilities->{capability} =  "xbzrle";
            $capabilities->{state} = JSON::true;
            eval { vm_mon_cmd_nocheck($vmid, "migrate-set-capabilities", 
capabilities => [$capabilities]); };
+           if($conf->{vga} eq 'qxl'){
+               my $spice_port = PVE::QemuServer::spice_port($vmid);
+               print "spice listens on port $spice_port\n" if $spice_port;
+               if($spiceticket){
+                   PVE::QemuServer::vm_mon_cmd_nocheck($vmid, "set_password", 
protocol => 'spice', password => $spiceticket);
+                   PVE::QemuServer::vm_mon_cmd_nocheck($vmid, 
"expire_password", protocol => 'spice', time => "+5");
+               }
+           }
+
        }
        else{
 
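Review bot: `set_password` and `expire_password` run outside any `eval`, unlike the `migrate-set-capabilities` call directly above them, so a monitor error here aborts the start of the incoming VM and with it the migration. Decide which behaviour is intended and either wrap the two calls (`eval { ... }; warn $@ if $@;`) or add a comment that a failure must be fatal. The expiry `time => "+5"` starts counting on the target at this point, while the client is redirected only later by `client_migrate_info` on the source; the value deserves a named constant and a comment justifying the window. The `print "spice listens on port $spice_port\n"` line is parsed by a regex in PVE/QemuMigrate.pm, so a comment marking the string as part of that protocol would prevent accidental rewording.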
@@ -4856,4 +4865,21 @@ sub get_current_qemu_machine {
     return $current || $default || 'pc';
 }
 
+sub read_x509_subject_spice {
+    my ($filename) = @_;
+
+    # read x509 subject
+    my $bio = Net::SSLeay::BIO_new_file($filename, 'r');
+    my $x509 = Net::SSLeay::PEM_read_bio_X509($bio);
+    Net::SSLeay::BIO_free($bio);
+    my $nameobj = Net::SSLeay::X509_get_subject_name($x509);
+    my $subject = Net::SSLeay::X509_NAME_oneline($nameobj);
+    Net::SSLeay::X509_free($x509);
+  
+    # remote-viewer wants comma as seperator (not '/')
+    $subject =~ s!^/!!;
+    $subject =~ s!/(\w+=)!,$1!g;
+
+    return $subject;
+}
 1;
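Review bot: `read_x509_subject_spice` uses the results of `BIO_new_file` and `PEM_read_bio_X509` without checking them, and the new caller in PVE/QemuMigrate.pm passes a per-node path (`/etc/pve/nodes/<node>/pve-ssl.pem`) that can be missing or unreadable. Add `die "unable to open '$filename'\n" if !$bio;` after the first call and `die "unable to read certificate from '$filename'\n" if !$x509;` after `BIO_free`. The `s!/(\w+=)!,$1!g` rewrite assumes no subject value contains a comma or a `/` followed by `word=`; a comment stating that limit would help, because the result is sent as the `cert-subject` the client verifies. Confirm `Net::SSLeay` is loaded in PVE/QemuServer.pm, since no `use` line is added here.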
-- 
1.7.10.4
