public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: Fiona Ebner <f.ebner@proxmox.com>
To: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>,
	"Bogdan Ionescu" <bogdan@ionescu.at>,
	"pve-devel@lists.proxmox.com" <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [RFC] qemu-server: add migration_type=insecure to remote-migrate
Date: Mon, 13 Jul 2026 10:27:42 +0200	[thread overview]
Message-ID: <b072f9d7-b0f8-41fc-8c37-7ea90798aa1b@proxmox.com> (raw)
In-Reply-To: <1777552058.4o39hpnqt6.astroid@yuna.none>

Am 30.04.26 um 2:38 PM schrieb Fabian Grünbichler:
> On April 25, 2026 3:10 am, Bogdan Ionescu wrote:
>>
>> == Backward compatibility approach ==
>>
>> Rather than bumping WS_TUNNEL_VERSION (which would break
>> new-source -> old-target combinations because of the existing
>> "$WS_TUNNEL_VERSION > $tunnel->{version}" check), I'd add a
>> forward-compatible 'caps' field to the version response. Old sources
>> ignore unknown JSON keys; new sources require 'insecure-remote' to be
>> present in caps before allowing migration_type=insecure, and otherwise
>> fall through to the existing WS-tunneled path with no behavioral
>> change.
> 
> what do you think @Fiona?

Sorry for the very late response. I think a two-way negotiation is
better for the long term. Because with the proposed approach, i.e.
"target informs source, source decides what to do", the target cannot
directly know whether the source will (be able to) use a certain
capability or not and thus the target is not be able to adapt its
commandline/handling depending on the capabilities alone.

I think there should rather be a dedicated 'capabilities' handler rather
than the capabilities being part of the 'version' handler and then:
1. The source sends along the capabilities it wants to use.
2. The target looks at the capabilities and decides which ones it also
supports/wants and returns the result to the source. This will be a
strict subset of the ones the source sent along.
3. Both source and target know which capabilities are going to be used
and can proceed accordingly.

Best Regards,
Fiona




      parent reply	other threads:[~2026-07-13  8:28 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-25  1:10 [pve-devel] [RFC] qemu-server: add migration_type=insecure to remote-migrate Bogdan Ionescu
2026-04-30 12:40 ` Fabian Grünbichler
2026-05-14 22:25   ` Bogdan Ionescu
2026-05-14 22:27   ` [PATCH qemu-server] remote migration: allow insecure TCP data plane Bogdan Ionescu
2026-05-14 22:27     ` [PATCH pve-guest-common] tunnel: propagate remote capabilities Bogdan Ionescu
2026-05-15 21:54   ` [PATCH v2 qemu-server] remote migration: allow insecure TCP data plane Bogdan Ionescu
2026-05-15 21:54     ` [PATCH v2 pve-guest-common] tunnel: propagate remote capabilities Bogdan Ionescu
2026-07-13  8:27   ` Fiona Ebner [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=b072f9d7-b0f8-41fc-8c37-7ea90798aa1b@proxmox.com \
    --to=f.ebner@proxmox.com \
    --cc=bogdan@ionescu.at \
    --cc=f.gruenbichler@proxmox.com \
    --cc=pve-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal