From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id E47786CFAB for ; Wed, 3 Feb 2021 15:25:46 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id E27CC1B1DA for ; Wed, 3 Feb 2021 15:25:46 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 4D1D91B1AF for ; Wed, 3 Feb 2021 15:25:45 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 16E50461AC for ; Wed, 3 Feb 2021 15:25:45 +0100 (CET) From: Mira Limbeck To: pve-devel@lists.proxmox.com Date: Wed, 3 Feb 2021 15:25:36 +0100 Message-Id: <20210203142536.28480-6-m.limbeck@proxmox.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210203142536.28480-1-m.limbeck@proxmox.com> References: <20210203142536.28480-1-m.limbeck@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.253 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods NO_DNS_FOR_FROM 0.379 Envelope sender has no MX or A DNS records RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [qemu.pm, qemumigrate.pm] Subject: [pve-devel] [PATCH qemu-server v2] copy conntrack information on migration X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Feb 2021 14:25:46 -0000 Requires the pve-conntrack-tool. On migration the conntrack information from the source node is dumped and sent to the target node where it is then inserted. This helps with open connections during migration when the firewall is active. A new 'migrate-conntracks' option is added to the migrate_vm API call. Signed-off-by: Mira Limbeck --- v2: - added the migrate-conntracks option so that it only copies conntrack information when requested PVE/API2/Qemu.pm | 5 +++++ PVE/QemuMigrate.pm | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm index 3571f5e..8c4336b 100644 --- a/PVE/API2/Qemu.pm +++ b/PVE/API2/Qemu.pm @@ -3556,6 +3556,11 @@ __PACKAGE__->register_method({ minimum => '0', default => 'migrate limit from datacenter or storage config', }, + 'migrate-conntracks' => { + description => "Migrate connection tracking info.", + type => 'boolean', + optional => 1, + } }, }, returns => { diff --git a/PVE/QemuMigrate.pm b/PVE/QemuMigrate.pm index 5c019fc..2ccef2a 100644 --- a/PVE/QemuMigrate.pm +++ b/PVE/QemuMigrate.pm @@ -1087,6 +1087,11 @@ sub phase2 { die "unable to parse migration status '$stat->{status}' - aborting\n"; } } + + if ($self->{opts}->{'migrate-conntracks'}) { + $self->log('info', 'copy conntrack information'); + PVE::Tools::run_command([['/usr/bin/pve-conntrack-tool', 'dump'], [@{$self->{rem_ssh}}, '/usr/bin/pve-conntrack-tool', 'insert']]); + } } sub phase2_cleanup { -- 2.20.1