From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 05F8A1FF141 for ; Fri, 27 Feb 2026 11:52:47 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 19957CE15; Fri, 27 Feb 2026 11:53:43 +0100 (CET) Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Fri, 27 Feb 2026 11:53:37 +0100 Message-Id: Subject: Re: [PATCH-SERIES qemu-server/guest-common/container v2 00/14] migration: strict config check for intra-cluster migration From: "Daniel Kral" To: "Fiona Ebner" , X-Mailer: aerc 0.21.0-38-g7088c3642f2c-dirty References: <20260225151931.176335-1-f.ebner@proxmox.com> In-Reply-To: <20260225151931.176335-1-f.ebner@proxmox.com> X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1772189598454 X-SPAM-LEVEL: Spam detection results: 0 AWL -1.037 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 1.158 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.306 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.668 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: JPNDO463PHPCUS5QOQRM32ZXI6DMNGJJ X-Message-ID-Hash: JPNDO463PHPCUS5QOQRM32ZXI6DMNGJJ X-MailFrom: d.kral@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Wed Feb 25, 2026 at 4:18 PM CET, Fiona Ebner wrote: > Changes in v2: > * add patches for container > * log when skipping strict configuration check > > For remote migration, we already check that the config can be parsed > on the target. Do the same for intra-cluster migration, to avoid > issues like [0] for future new settings, with settings being > unexpectedly ignored on the target, and in the case of qemu-server > even relatively silently dropped (there are warnings in the target's > system logs). In case of containers, an example is migrating a > container with a mountpoint with 'keepattrs' to a node with a too old > pve-container version, resulting in the mountpoint not being mounted > on the target. Gave this test series a spin in a 3-node cluster with two nodes upgraded to the patches applied (where one node has the additional shiny-new property for the VM and container $confdesc) and the third node doesn't have the patches applied. For both VMs and containers: - offline and online migration succeeds from node with extra prop to node without patches applied (skip as expected) - offline and online migration fails to node from with extra prop to node with patches applied but no extra prop (expected) - same if second patched node has another additional property unequal to the one on the other patched node (expected) - appending --force skipped the strict config check (expected) - offline and online migration succeeds between nodes with patches applied where the guest doesn't have any additional props (expected) One thing I noticed is that the new prop is dropped from the config to a node that doesn't support the strict config check yet for VMs, but for containers it still stays in the config. Good to check this already as that may change in the future. Besides the three inline nodes in patch #6, the changes look good to me and testing some intra-cluster migrations worked as expected. With the points in #6 resolved, consider the patch series as: Reviewed-by: Daniel Kral Tested-by: Daniel Kral