From 61f122637b8c9952e28983de81638941dc4e7bc4 Mon Sep 17 00:00:00 2001 From: Pawel Koniszewski Date: Wed, 3 Aug 2016 11:59:54 +0200 Subject: [PATCH] Change default value of live_migration_tunnelled to False Given the impact of libvirt tunnelling mechanism this patch changes default value of live_migration_tunnelled to False. There are few reasons to do that: * Internal libvirt mechanisms increases number of memory copies and it is just a single-threaded encryption mechanism. Because of that transfer between source and destination is around 2Gb/s on a 10Gb network. Given how fast memory is it effectively prevents live migrations from finishing without entering post-copy mode. Most operators are turning tunnelling off to increase convergence without using such hammers like post-copy or pausing an instance during live migration. * It also has some limitations, e.g., selective disk migration does not work when tunnelling is enabled, which means that by default it is not possible to block live migrate image-backed VMs with additional volumes atteched * Default value of live_migration_tunnelled - None - supposed to choose the best option for encrypting live migration basing on e.g., availability of native encryption in hypervisor. However, this will only solve problems with LM limitations when libvirt tunnelling is in use. Poor performance will still be an issue. Change-Id: I0323e8bb2ded938522c15b220b84ddfc606e1c97 --- nova/conf/libvirt.py | 1 + nova/tests/unit/virt/libvirt/test_driver.py | 48 ++++--------------- ...-migration-tunnelled-4248cf76df605fdf.yaml | 8 ++++ 3 files changed, 19 insertions(+), 38 deletions(-) create mode 100644 releasenotes/notes/libvirt-change-default-value-of-live-migration-tunnelled-4248cf76df605fdf.yaml diff --git a/nova/conf/libvirt.py b/nova/conf/libvirt.py index 59b8e426d7cc..fd8d13fa6934 100644 --- a/nova/conf/libvirt.py +++ b/nova/conf/libvirt.py 
@@ -105,6 +105,7 @@ libvirt_general_opts = [ 'block_migration_flag will be removed to ' 'avoid potential misconfiguration.'), cfg.BoolOpt('live_migration_tunnelled', + default=False, help='Whether to use tunnelled migration, where migration ' 'data is transported over the libvirtd connection. If ' 'True, we use the VIR_MIGRATE_TUNNELLED migration flag, ' diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py index e6c80dc67872..8b19e15a8bcf 100644 --- a/nova/tests/unit/virt/libvirt/test_driver.py +++ b/nova/tests/unit/virt/libvirt/test_driver.py @@ -1044,8 +1044,7 @@ class LibvirtConnTestCase(test.NoDBTestCase): 'VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED'), lm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | - libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED)) + libvirt_driver.libvirt.VIR_MIGRATE_LIVE)) def test_parse_live_migration_flags(self): self._do_test_parse_migration_flags( @@ -1063,7 +1062,6 @@ class LibvirtConnTestCase(test.NoDBTestCase): bm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED | libvirt_driver.libvirt.VIR_MIGRATE_NON_SHARED_INC)) def test_parse_block_migration_flags(self): 
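Review bot: The help text for `live_migration_tunnelled` visible in this hunk explains only what `True` does, and the added `default=False` makes the unencrypted path the one operators get without touching their config. The string continues outside the hunk, so it may already cover this, but if not I would add a sentence such as `'If False (the default), migration data is sent over the hypervisor native transport and is not encrypted by libvirt. '`. Guest memory, and disk contents on block migration, then cross the migration network in the clear, so the help should also say that deployments relying on tunnelling for confidentiality must set the option to `True` explicitly or carry migration traffic on an isolated or otherwise protected network. The release note in this patch states the encryption loss, but the option help is what operators see in the generated sample config.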
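Review bot: In the `@@ -1044` hunk the configured flag string still lists `VIR_MIGRATE_TUNNELLED` while `lm_expected` no longer contains it, so the test now pins that an explicitly configured flag is stripped under the new default. The same pattern repeats in the hunks at `-1063`, `-1083`, `-1117`, `-1142`, `-1170`, `-1196` and `-1388` through `-1453`. An operator who enabled tunnelling only through `live_migration_flag` or `block_migration_flag` therefore loses it, and the encryption with it, after upgrade; the release note should say so, and a short comment in the first test, e.g. `# TUNNELLED is dropped: live_migration_tunnelled now defaults to False`, would make the expectation readable. None of the visible hunks exercises the opt-in path, so unless it is covered elsewhere in the file I would add a case that sets `self.flags(live_migration_tunnelled=True, group='libvirt')` and asserts the flag is present in both `lm_expected` and `bm_expected`. The test methods start outside these hunks, so their names and setup are not visible here.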
@@ -1083,15 +1081,13 @@ class LibvirtConnTestCase(test.NoDBTestCase): 'VIR_MIGRATE_FOO_BAR'), lm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | - libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED), + libvirt_driver.libvirt.VIR_MIGRATE_LIVE), bm_config=('VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, ' 'VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED, ' 'VIR_MIGRATE_NON_SHARED_INC, VIR_MIGRATE_FOO_BAR'), bm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED | libvirt_driver.libvirt.VIR_MIGRATE_NON_SHARED_INC)) msg = mock_log.warning.call_args_list[0] @@ -1117,12 +1113,10 @@ class LibvirtConnTestCase(test.NoDBTestCase): 'VIR_MIGRATE_TUNNELLED'), lm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | - libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED), + libvirt_driver.libvirt.VIR_MIGRATE_LIVE), bm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED | libvirt_driver.libvirt.VIR_MIGRATE_NON_SHARED_INC)) msg = mock_log.warning.call_args_list[0] 
@@ -1142,12 +1136,10 @@ class LibvirtConnTestCase(test.NoDBTestCase): 'VIR_MIGRATE_NON_SHARED_INC'), lm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | - libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED), + libvirt_driver.libvirt.VIR_MIGRATE_LIVE), bm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED | libvirt_driver.libvirt.VIR_MIGRATE_NON_SHARED_INC)) msg = mock_log.warning.call_args_list[0] @@ -1170,11 +1162,9 @@ class LibvirtConnTestCase(test.NoDBTestCase): 'VIR_MIGRATE_TUNNELLED, ' 'VIR_MIGRATE_NON_SHARED_INC'), lm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | - libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED), + libvirt_driver.libvirt.VIR_MIGRATE_LIVE), bm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED | libvirt_driver.libvirt.VIR_MIGRATE_NON_SHARED_INC)) msg = mock_log.warning.call_args_list[0] @@ -1196,12 +1186,10 @@ class LibvirtConnTestCase(test.NoDBTestCase): 'VIR_MIGRATE_NON_SHARED_INC'), lm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | - libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED), + libvirt_driver.libvirt.VIR_MIGRATE_LIVE), bm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED | libvirt_driver.libvirt.VIR_MIGRATE_NON_SHARED_INC)) msg = mock_log.warning.call_args_list[0] 
@@ -1276,12 +1264,10 @@ class LibvirtConnTestCase(test.NoDBTestCase): lm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED | libvirt_driver.libvirt.VIR_MIGRATE_POSTCOPY), bm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED | libvirt_driver.libvirt.VIR_MIGRATE_NON_SHARED_INC | libvirt_driver.libvirt.VIR_MIGRATE_POSTCOPY)) @@ -1301,12 +1287,10 @@ class LibvirtConnTestCase(test.NoDBTestCase): lm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED | libvirt_driver.libvirt.VIR_MIGRATE_AUTO_CONVERGE), bm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED | libvirt_driver.libvirt.VIR_MIGRATE_NON_SHARED_INC | libvirt_driver.libvirt.VIR_MIGRATE_AUTO_CONVERGE)) @@ -1328,12 +1312,10 @@ class LibvirtConnTestCase(test.NoDBTestCase): lm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED | libvirt_driver.libvirt.VIR_MIGRATE_POSTCOPY), bm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED | libvirt_driver.libvirt.VIR_MIGRATE_NON_SHARED_INC | libvirt_driver.libvirt.VIR_MIGRATE_POSTCOPY)) 
@@ -1363,12 +1345,10 @@ class LibvirtConnTestCase(test.NoDBTestCase): lm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED | libvirt_driver.libvirt.VIR_MIGRATE_AUTO_CONVERGE), bm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED | libvirt_driver.libvirt.VIR_MIGRATE_NON_SHARED_INC | libvirt_driver.libvirt.VIR_MIGRATE_AUTO_CONVERGE)) @@ -1388,12 +1368,10 @@ class LibvirtConnTestCase(test.NoDBTestCase): 'VIR_MIGRATE_NON_SHARED_INC'), lm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | - libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED), + libvirt_driver.libvirt.VIR_MIGRATE_LIVE), bm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED | libvirt_driver.libvirt.VIR_MIGRATE_NON_SHARED_INC)) @mock.patch.object(host.Host, 'has_min_version', return_value=False) @@ -1411,12 +1389,10 @@ class LibvirtConnTestCase(test.NoDBTestCase): 'VIR_MIGRATE_NON_SHARED_INC'), lm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | - libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED), + libvirt_driver.libvirt.VIR_MIGRATE_LIVE), bm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED | libvirt_driver.libvirt.VIR_MIGRATE_NON_SHARED_INC)) def test_live_migration_permit_postcopy_false(self): 
@@ -1432,12 +1408,10 @@ class LibvirtConnTestCase(test.NoDBTestCase): 'VIR_MIGRATE_NON_SHARED_INC'), lm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | - libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED), + libvirt_driver.libvirt.VIR_MIGRATE_LIVE), bm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED | libvirt_driver.libvirt.VIR_MIGRATE_NON_SHARED_INC)) def test_live_migration_permit_autoconverge_false(self): @@ -1453,12 +1427,10 @@ class LibvirtConnTestCase(test.NoDBTestCase): 'VIR_MIGRATE_NON_SHARED_INC'), lm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | - libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED), + libvirt_driver.libvirt.VIR_MIGRATE_LIVE), bm_expected=(libvirt_driver.libvirt.VIR_MIGRATE_UNDEFINE_SOURCE | libvirt_driver.libvirt.VIR_MIGRATE_PEER2PEER | libvirt_driver.libvirt.VIR_MIGRATE_LIVE | - libvirt_driver.libvirt.VIR_MIGRATE_TUNNELLED | libvirt_driver.libvirt.VIR_MIGRATE_NON_SHARED_INC)) @mock.patch('nova.utils.get_image_from_system_metadata') diff --git a/releasenotes/notes/libvirt-change-default-value-of-live-migration-tunnelled-4248cf76df605fdf.yaml b/releasenotes/notes/libvirt-change-default-value-of-live-migration-tunnelled-4248cf76df605fdf.yaml new file mode 100644 index 000000000000..d21830cfca51 --- /dev/null +++ b/releasenotes/notes/libvirt-change-default-value-of-live-migration-tunnelled-4248cf76df605fdf.yaml 
@@ -0,0 +1,8 @@ +--- +upgrade: + - Default value of live_migration_tunnelled config option in + libvirt section has been changed to False. After upgrading + nova to Newton all live migrations will be non-tunnelled + unless live_migration_tunnelled is explicitly set to True. + It means that, by default, the migration traffic will not + go through libvirt and therefore will no longer be encrypted.