>>but at least, we need a tunneling like socat for zfs or rbd.

I didn't know, but socat supports encryption with openssl natively.

I have found a benchmark on percona xtradbcluster, which uses a tunnel to resync a mysql galera cluster.

https://www.percona.com/blog/2017/03/30/performance-evaluation-of-sst-data-transfer-with-encryption-part-2/

----- Original message -----
From: "aderumier" <aderum...@odiso.com>
To: "dietmar" <diet...@proxmox.com>
Cc: "pve-devel" <pve-devel@pve.proxmox.com>
Sent: Friday, April 21, 2017 09:28:31
Subject: Re: [pve-devel] RFC V2 Storage Replica

>>Something like that. But login/password is maybe not enough, because we also
>>need ssh connection. Or can we make it work without ssh?

for api call, it's ok through https

For disk replication, I think that ssh has too much penalty for performance.
But maybe users want it as an option if the remote cluster is in a remote location/cloud on internet.
(or other kind of encryption)

but at least, we need a tunneling like socat for zfs or rbd.

qemu mirroring|backup can work directly to nbd (and tls encryption is available in qemu 2.9)

>>If so, we need to add at least a fingerprint to identify the remote host?

yes !

----- Original message -----
From: "dietmar" <diet...@proxmox.com>
To: "aderumier" <aderum...@odiso.com>, "pve-devel" <pve-devel@pve.proxmox.com>
Sent: Friday, April 21, 2017 08:34:35
Subject: Re: [pve-devel] RFC V2 Storage Replica

> On April 21, 2017 at 8:04 AM Alexandre DERUMIER <aderum...@odiso.com> wrote:
>
> >>ip=could be an ip of the cluster.
> >>(But I think we need to connect first to this ip, and find where the vm is
> >>located (in case of vm is moving), and reconnect to the vm node.
> >>Don't know how to manage this first ip connect ? (do we allow to define
> >>multiple ips if 1 host is down?)
>
> Maybe define
>
> >>replication-source: clusterid=mysourceclusterid,sourcevmid=123
>
> then define cluster in
>
> /etc/pve/remoteclusters.cfg
>
> mysourceclusterid : ip : x.X.X.X, x.X.X.X, x.X.X.X
> login : xxxx
> password: xxxx

Something like that. But login/password is maybe not enough, because we also need ssh connection.
Or can we make it work without ssh? If so, we need to add at least a fingerprint to identify the remote host?

_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
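
The fingerprint check asked for in the thread, sketched for the HTTPS API connection as an added example; it is not part of the original messages and not Proxmox code. The function names, the SHA-256-over-DER fingerprint form and the self-signed-certificate setting are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a DER-encoded certificate (not a real certificate).
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"


def format_fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER certificate as 'AA:BB:...', the form an admin would store."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize_fingerprint(text: str) -> bytes:
    """Accept colon-separated or plain hex in any case; return the raw digest."""
    raw = bytes.fromhex(text.strip().replace(":", ""))
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError("expected a SHA-256 fingerprint (32 bytes)")
    return raw


def cert_matches_pin(der_cert: bytes, pinned: str) -> bool:
    """True only if the certificate hashes to the pinned fingerprint."""
    actual = hashlib.sha256(der_cert).digest()
    return hmac.compare_digest(actual, normalize_fingerprint(pinned))


def connect_pinned(host: str, port: int, pinned: str) -> ssl.SSLSocket:
    """Open a TLS connection and keep it only if the peer matches the pin.

    Assumption: nodes use self-signed certificates, so the pin replaces CA
    validation as the trust anchor. Credentials must not be sent before this
    function returns.
    """
    normalize_fingerprint(pinned)    # reject a malformed pin before connecting
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # identity is established by the pin below
    sock = ctx.wrap_socket(socket.create_connection((host, port), timeout=10))
    der = sock.getpeercert(binary_form=True)
    if not der or not cert_matches_pin(der, pinned):
        sock.close()
        raise ssl.SSLError("remote host fingerprint does not match the pin")
    return sock
```

The login and password from the proposed remote cluster entry would only be sent over the socket that `connect_pinned` returns, so a host that fails the pin never sees them.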