Re: [pve-devel] [PATCH qemu-server 1/1] qemu: add offline migration from dead node - DERUMIER, Alexandre via pve-devel

From: "DERUMIER, Alexandre via pve-devel" <pve-devel@lists.proxmox.com>
To: "pve-devel@lists.proxmox.com" <pve-devel@lists.proxmox.com>
Cc: "DERUMIER, Alexandre" <alexandre.derumier@groupe-cyllene.com>
Subject: Re: [pve-devel] [PATCH qemu-server 1/1] qemu: add offline migration from dead node
Date: Tue, 1 Apr 2025 16:13:23 +0000	[thread overview]
Message-ID: <mailman.447.1743524044.359.pve-devel@lists.proxmox.com> (raw)
In-Reply-To: <52ef2b59-21ec-4a6c-b528-47f1e11c691e@proxmox.com>

[-- Attachment #1: Type: message/rfc822, Size: 15235 bytes --]

From: "DERUMIER, Alexandre" <alexandre.derumier@groupe-cyllene.com>
To: "pve-devel@lists.proxmox.com" <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH qemu-server 1/1] qemu: add offline migration from dead node
Date: Tue, 1 Apr 2025 16:13:23 +0000
Message-ID: <368d42667a23554c6f7d51697c89eb43f5544cf7.camel@groupe-cyllene.com>

Hi ! (sorry to disturb the mailing )

>>(iow. 'mv source target')
>>which is at least as dangerous as exposing over the API, since

>>* now the admins sharing the system must share root@pam credentials
>>(ssh/console access)
>>   (alternatively setup sudo, which has it's own problems)
>>
>>* it promotes manually modifying /etc/pve/ content
>>
>>* any error could be even more fatal than if done via the API
>>   (e.g. mv of the wrong file, from the wrong node, etc.)

That was the more or less the idea of the patch series. (Ok the gui is
not the best part ^_^ ).

I would like to avoid to do mv manually in /etc/pve.  (I known a 
lott of people doing it, and generally when you need to do it, it's a 
crash during the night when your brain is off and mistake can occur
(murphy law))

So yes, maybe extra manual stonith through ipmi or power devices could
help for manual action.  (Maybe declare the node as dead in the gui,
calling the stonith devices to be sure that the node is really dead)

Be able to do it with root access could be a plus (I remember about a
SuperAdmin patch series some year ago), as sometime tech support night
admins don't always have root permission or sudo for compliance, or it
need escalation just to restart vms stuck on a dead node)

Alexandre

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://antiphishing.vadesecure.com/v4?f=WExObUdsNkxHUTVwMTdKdhJAqEDL-
R26dkAigaQdBcr446fxBoV5DCPzIhJWszve2S584YgEkH73Ypn894ZZQA&i=dktEMmMyTnl
id1lsUjVvYvDN_JKeSC-
NkIvzg1_2L5o&k=dPpv&r=bGMwQ1dycHZ0bUpyOWJIRiNqIftRvG8M_caPGC_YgDRGxqfco
1zLiQ7nCHK7-
BKb&s=47ee090105782781d958e6067618f39da0e0cc378a0b535fe550cd41924175c2&
u=https%3A%2F%2Flists.proxmox.com%2Fcgi-bin%2Fmailman%2Flistinfo%2Fpve-
devel

[-- Attachment #2: Type: text/plain, Size: 160 bytes --]

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel