Bug 1374793 - RFE: support moving a running domain to an updated QEMU binary
Summary: RFE: support moving a running domain to an updated QEMU binary
Keywords:
Status: NEW
Alias: None
Product: Virtualization Tools
Classification: Community
Component: libvirt
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
Assignee: Libvirt Maintainers
QA Contact: Fangge Jin
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-09-09 16:10 UTC by David Jaša
Modified: 2021-06-02 10:26 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description David Jaša 2016-09-09 16:10:51 UTC
Description of problem:
Please allow migration within the same session. There are two use cases:
  * after critical qemu security fixes, enable rapid move of VMs to updated qemu
  * migration testing: easy to setup and more likely to hit race conditions
IMO first one is good enough to implement the RFE and RHEV Virt team is in favour of the idea once libvirt supports it.

Migration works just ok when done on plain qemu so the support should be trivial. There's room for optimization of course (mainly for memory: to have a way to migrate without copying VM memory for further speed gains and ability to migrate monster VMs on hosts with free memory < VM memory) but it makes sense to have this ability without them.


Version-Release number of selected component (if applicable):
libvirt-daemon-2.0.0-6.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. try to migrate within the same libvirt session, e.g.:
virsh -c LIBVIRT_URI migrate VM_NAME LIBVIRT_URI
2.
3.

Actual results:
migration is refused

Expected results:
migration succeeds

Additional info:

Comment 1 Daniel Berrangé 2016-09-09 16:15:26 UTC
(In reply to David Jaša from comment #0)
> Description of problem:
> Please allow migration within the same session. There are two use cases:
>   * after critical qemu security fixes, enable rapid move of VMs to updated
> qemu
>   * migration testing: easy to setup and more likely to hit race conditions
> IMO first one is good enough to implement the RFE and RHEV Virt team is in
> favour of the idea once libvirt supports it.
> 
> Migration works just ok when done on plain qemu so the support should be
> trivial. 

Nope, it is not at all trivial. When managing QEMU processes there are many resources libvirt sets up on the host which are tied to the VM, typically based on its name, and/or a combination of name + uuid. You can't have two copies of the same VM running on the same host without getting clashes in these resources and making libvirt support multiple different naming schemes for the same VM would have a ripple effect across the codebase and result in bugs which only ever appear when doing local-host migrations.

Comment 2 David Jaša 2016-09-12 10:58:28 UTC
Domain ID seems like a good distinguishing mark for domains with the same name/uuid for file names. Good handling of qemu logging looks more difficult to me but that's not exactly good in current libvirt either (e.g. too verbose logging preventing domain startup, lack of timestamps etc).

Comment 3 Jiri Denemark 2016-11-22 11:55:04 UTC
As Daniel said, implementing generic localhost migrations would be nontrivial and don't think it's worth doing. Setting up two hosts for migration testing is not any harder than setting up a single host esp. when both can be virtual.

However, moving a running domain from an older QEMU binary to a new one (e.g., to address a security issue) is a valid scenario that is worth thinking over. Libvirtd could do it within a single API and it could even be theoretically possible to implement some optimizations in cooperation with QEMU.

That said, I'm changing the bug summary to match the first use case.

Comment 4 Daniel Berrangé 2016-11-22 12:12:04 UTC
(In reply to Jiri Denemark from comment #3)
> As Daniel said, implementing generic localhost migrations would be
> nontrivial and don't think it's worth doing. Setting up two hosts for
> migration testing is not any harder than setting up a single host esp. when
> both can be virtual.
> 
> However, moving a running domain from an older QEMU binary to a new one
> (e.g., to address a security issue) is a valid scenario that is worth
> thinking over. Libvirtd could do it within a single API and it could even be
> theoretically possible to implement some optimizations in cooperation with
> QEMU.
> 
> That said, I'm changing the bug summary to match the first use case.

I don't think that "upgrading" a running QEMU in-place is any easier than supporting localhost migration - all the same problems apply wrt resources on disk clashing. 

I question whether there is a genuine value in in-place upgrade of QEMU from a security POV too. There's a reasonable number of security bugs in pieces outside QEMU that effectively necessitate migrating the guest to a separate host. So given that you need that procedure for dealing with security errata in general, I'm sceptical that it is beneficial to special case QEMU security bugs. It is better to have a consistent process applied in all cases, as that reduces the testing matrix and thus scope for failure.


Note You need to log in before you can comment on or make changes to this bug.