From 6f860ae75566e858593d2c067909a6d1e9feccbf Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Wed, 27 Apr 2016 11:05:03 +0100 Subject: migration: rename unix.c to socket.c The unix.c file will be nearly the same as the tcp.c file, only differing in the initial SocketAddress creation code. Rename unix.c to socket.c and refactor it a little to prepare for merging the TCP code. Reviewed-by: Dr. David Alan Gilbert Signed-off-by: Daniel P. Berrange Message-Id: <1461751518-12128-14-git-send-email-berrange@redhat.com> Signed-off-by: Amit Shah --- migration/socket.c | 132 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 132 insertions(+) create mode 100644 migration/socket.c (limited to 'migration/socket.c') diff --git a/migration/socket.c b/migration/socket.c new file mode 100644 index 0000000..a9911d6 --- /dev/null +++ b/migration/socket.c @@ -0,0 +1,132 @@ +/* + * QEMU live migration via Unix Domain Sockets + * + * Copyright Red Hat, Inc. 2009-2016 + * + * Authors: + * Chris Lalancette + * Daniel P. Berrange + * + * This work is licensed under the terms of the GNU GPL, version 2. See + * the COPYING file in the top-level directory. + * + * Contributions after 2012-01-13 are licensed under the terms of the + * GNU GPL, version 2 or (at your option) any later version. + */ + +#include "qemu/osdep.h" + +#include "qemu-common.h" +#include "qemu/error-report.h" +#include "qapi/error.h" +#include "migration/migration.h" +#include "migration/qemu-file.h" +#include "io/channel-socket.h" +#include "trace.h" + + +static SocketAddress *unix_build_address(const char *path) +{ + SocketAddress *saddr; + + saddr = g_new0(SocketAddress, 1); + saddr->type = SOCKET_ADDRESS_KIND_UNIX; + saddr->u.q_unix.data = g_new0(UnixSocketAddress, 1); + saddr->u.q_unix.data->path = g_strdup(path); + + return saddr; +} + + +static void socket_outgoing_migration(Object *src, + Error *err, + gpointer opaque) +{ + MigrationState *s = opaque; + QIOChannel *sioc = QIO_CHANNEL(src); + + if (err) { + trace_migration_socket_outgoing_error(error_get_pretty(err)); + s->to_dst_file = NULL; + migrate_fd_error(s, err); + } else { + trace_migration_socket_outgoing_connected(); + migration_set_outgoing_channel(s, sioc); + } + object_unref(src); +} + +static void socket_start_outgoing_migration(MigrationState *s, + SocketAddress *saddr, + Error **errp) +{ + QIOChannelSocket *sioc = qio_channel_socket_new(); + qio_channel_socket_connect_async(sioc, + saddr, + socket_outgoing_migration, + s, + NULL); + qapi_free_SocketAddress(saddr); +} + +void unix_start_outgoing_migration(MigrationState *s, + const char *path, + Error **errp) +{ + SocketAddress *saddr = unix_build_address(path); + socket_start_outgoing_migration(s, saddr, errp); +} + + +static gboolean socket_accept_incoming_migration(QIOChannel *ioc, + GIOCondition condition, + gpointer opaque) +{ + QIOChannelSocket *sioc; + Error *err = NULL; + + sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc), + &err); + if (!sioc) { + error_report("could not accept migration connection (%s)", + error_get_pretty(err)); + goto out; + } + + trace_migration_socket_incoming_accepted(); + + migration_set_incoming_channel(migrate_get_current(), + QIO_CHANNEL(sioc)); + object_unref(OBJECT(sioc)); + +out: + /* Close listening socket as its no longer needed */ + qio_channel_close(ioc, NULL); + return FALSE; /* unregister */ +} + + +static void socket_start_incoming_migration(SocketAddress *saddr, + Error **errp) +{ + QIOChannelSocket *listen_ioc = qio_channel_socket_new(); + + if (qio_channel_socket_listen_sync(listen_ioc, saddr, errp) < 0) { + object_unref(OBJECT(listen_ioc)); + qapi_free_SocketAddress(saddr); + return; + } + + qio_channel_add_watch(QIO_CHANNEL(listen_ioc), + G_IO_IN, + socket_accept_incoming_migration, + listen_ioc, + (GDestroyNotify)object_unref); + qapi_free_SocketAddress(saddr); +} + +void unix_start_incoming_migration(const char *path, Error **errp) +{ + SocketAddress *saddr = unix_build_address(path); + socket_start_incoming_migration(saddr, errp); +} -- cgit v1.1 From e65c67e4dad18a1f04be426f23cc4d64a32c7548 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Wed, 27 Apr 2016 11:05:04 +0100 Subject: migration: convert tcp socket protocol to use QIOChannel Drop the current TCP socket migration driver and extend the new generic socket driver to cope with the TCP address format Reviewed-by: Dr. David Alan Gilbert Signed-off-by: Daniel P. Berrange Message-Id: <1461751518-12128-15-git-send-email-berrange@redhat.com> Signed-off-by: Amit Shah --- migration/socket.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'migration/socket.c') diff --git a/migration/socket.c b/migration/socket.c index a9911d6..25457ea 100644 --- a/migration/socket.c +++ b/migration/socket.c @@ -25,6 +25,23 @@ #include "trace.h" +static SocketAddress *tcp_build_address(const char *host_port, Error **errp) +{ + InetSocketAddress *iaddr = inet_parse(host_port, errp); + SocketAddress *saddr; + + if (!iaddr) { + return NULL; + } + + saddr = g_new0(SocketAddress, 1); + saddr->type = SOCKET_ADDRESS_KIND_INET; + saddr->u.inet.data = iaddr; + + return saddr; +} + + static SocketAddress *unix_build_address(const char *path) { SocketAddress *saddr; @@ -69,6 +86,14 @@ static void socket_start_outgoing_migration(MigrationState *s, qapi_free_SocketAddress(saddr); } +void tcp_start_outgoing_migration(MigrationState *s, + const char *host_port, + Error **errp) +{ + SocketAddress *saddr = tcp_build_address(host_port, errp); + socket_start_outgoing_migration(s, saddr, errp); +} + void unix_start_outgoing_migration(MigrationState *s, const char *path, Error **errp) @@ -125,6 +150,12 @@ static void socket_start_incoming_migration(SocketAddress *saddr, qapi_free_SocketAddress(saddr); } +void tcp_start_incoming_migration(const char *host_port, Error **errp) +{ + SocketAddress *saddr = tcp_build_address(host_port, errp); + socket_start_incoming_migration(saddr, errp); +} + void unix_start_incoming_migration(const char *path, Error **errp) { SocketAddress *saddr = unix_build_address(path); -- cgit v1.1 From e122636562218b3d442cd2cd18fbc188dd9ce709 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Wed, 27 Apr 2016 11:05:16 +0100 Subject: migration: add support for encrypting data with TLS This extends the migration_set_incoming_channel and migration_set_outgoing_channel methods so that they will automatically wrap the QIOChannel in a QIOChannelTLS instance if TLS credentials are configured in the migration parameters. This allows TLS to work for tcp, unix, fd and exec migration protocols. It does not (currently) work for RDMA since it does not use these APIs, but it is unlikely that TLS would be desired with RDMA anyway since it would degrade the performance to that seen with TCP defeating the purpose of using RDMA. On the target host, QEMU would be launched with a set of TLS credentials for a server endpoint $ qemu-system-x86_64 -monitor stdio -incoming defer \ -object tls-creds-x509,dir=/home/berrange/security/qemutls,endpoint=server,id=tls0 \ ...other args... To enable incoming TLS migration 2 monitor commands are then used (qemu) migrate_set_str_parameter tls-creds tls0 (qemu) migrate_incoming tcp:myhostname:9000 On the source host, QEMU is launched in a similar manner but using client endpoint credentials $ qemu-system-x86_64 -monitor stdio \ -object tls-creds-x509,dir=/home/berrange/security/qemutls,endpoint=client,id=tls0 \ ...other args... To enable outgoing TLS migration 2 monitor commands are then used (qemu) migrate_set_str_parameter tls-creds tls0 (qemu) migrate tcp:otherhostname:9000 Thanks to earlier improvements to error reporting, TLS errors can be seen 'info migrate' when doing a detached migration. For example: (qemu) info migrate capabilities: xbzrle: off rdma-pin-all: off auto-converge: off zero-blocks: off compress: off events: off x-postcopy-ram: off Migration status: failed total time: 0 milliseconds error description: TLS handshake failed: The TLS connection was non-properly terminated. Or (qemu) info migrate capabilities: xbzrle: off rdma-pin-all: off auto-converge: off zero-blocks: off compress: off events: off x-postcopy-ram: off Migration status: failed total time: 0 milliseconds error description: Certificate does not match the hostname localhost Reviewed-by: Dr. David Alan Gilbert Signed-off-by: Daniel P. Berrange Message-Id: <1461751518-12128-27-git-send-email-berrange@redhat.com> Signed-off-by: Amit Shah --- migration/socket.c | 34 +++++++++++++++++++++++++++------- 1 file changed, 27 insertions(+), 7 deletions(-) (limited to 'migration/socket.c') diff --git a/migration/socket.c b/migration/socket.c index 25457ea..977a8d3 100644 --- a/migration/socket.c +++ b/migration/socket.c @@ -55,20 +55,35 @@ static SocketAddress *unix_build_address(const char *path) } +struct SocketConnectData { + MigrationState *s; + char *hostname; +}; + +static void socket_connect_data_free(void *opaque) +{ + struct SocketConnectData *data = opaque; + if (!data) { + return; + } + g_free(data->hostname); + g_free(data); +} + static void socket_outgoing_migration(Object *src, Error *err, gpointer opaque) { - MigrationState *s = opaque; + struct SocketConnectData *data = opaque; QIOChannel *sioc = QIO_CHANNEL(src); if (err) { trace_migration_socket_outgoing_error(error_get_pretty(err)); - s->to_dst_file = NULL; - migrate_fd_error(s, err); + data->s->to_dst_file = NULL; + migrate_fd_error(data->s, err); } else { - trace_migration_socket_outgoing_connected(); - migration_set_outgoing_channel(s, sioc); + trace_migration_socket_outgoing_connected(data->hostname); + migration_set_outgoing_channel(data->s, sioc, data->hostname); } object_unref(src); } @@ -78,11 +93,16 @@ static void socket_start_outgoing_migration(MigrationState *s, Error **errp) { QIOChannelSocket *sioc = qio_channel_socket_new(); + struct SocketConnectData *data = g_new0(struct SocketConnectData, 1); + data->s = s; + if (saddr->type == SOCKET_ADDRESS_KIND_INET) { + data->hostname = g_strdup(saddr->u.inet.data->host); + } qio_channel_socket_connect_async(sioc, saddr, socket_outgoing_migration, - s, - NULL); + data, + socket_connect_data_free); qapi_free_SocketAddress(saddr); } -- cgit v1.1