Live migration set up<\/p>\n
block based migration or leaving it with default<\/p>\n
# \/etc\/nova\/nova.conf<\/p>\n
block_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_TUNNELLED,VIR_MIGRATE_NON_SHARED_INC,VIR_MIGRATE_AUTO_CONVERGE<\/p>\n
====TCP based======<\/p>\n
\/etc\/nova\/nova.conf<\/p>\n
\u2014\u2014\u2014\u2014\u2014\u2014<\/p>\n
..<\/p>\n
[libvirt]<\/p>\n
live_migration_uri = “qemu+tcp:\/\/%s\/system”<\/p>\n
..<\/p>\n
\/etc\/libvirt\/libvirtd.conf<\/p>\n
\u2014\u2014\u2014\u2014\u2014\u2014<\/p>\n
listen_tls = 0<\/p>\n
listen_tcp = 1<\/p>\n
unix_sock_group = “libvirt”<\/p>\n
unix_sock_ro_perms = “0777”<\/p>\n
unix_sock_rw<\/p>\n
_perms = “0770”<\/p>\n
auth_unix_ro = “none”<\/p>\n
auth_unix_rw = “none”<\/p>\n
auth_tcp = \u201cnone\u201d<\/p>\n
\/etc\/default\/libvirtd<\/p>\n
\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014<\/p>\n
start_libvirtd=”yes”<\/p>\n
libvirtd_opts=”-l”<\/p>\n
*restart both libvirt-bin & nova-compute *<\/p>\n
testing<\/p>\n
virsh -c qemu+tcp:\/\/hostname_peer\/system hostname<\/p>\n
====TCP+SASL ======<\/p>\n
install<\/p>\n
apt update<\/p>\n
apt install sasl2-bin<\/strong><\/p>\n \/etc\/nova\/nova.conf<\/p>\n \u2014\u2014\u2014\u2014\u2014\u2014<\/p>\n ..<\/p>\n [libvirt]<\/p>\n live_migration_uri = “qemu+tcp:\/\/%s\/system”<\/p>\n ..<\/p>\n \/etc\/libvirt\/libvirtd.conf<\/p>\n \u2014\u2014\u2014\u2014\u2014\u2014<\/p>\n listen_tls = 0<\/p>\n listen_tcp = 1<\/p>\n unix_sock_group = “libvirt”<\/p>\n unix_sock_ro_perms = “0777”<\/p>\n unix_sock_rw<\/p>\n _perms = “0770”<\/p>\n auth_unix_ro = “none”<\/p>\n auth_unix_rw = “none”<\/p>\n auth_tcp = \u201csasl\u201d<\/p>\n \/etc\/default\/libvirtd<\/p>\n \u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014<\/p>\n start_libvirtd=”yes”<\/p>\n libvirtd_opts=”-l”<\/p>\n \/etc\/sasl2\/libvirt.conf<\/p>\n \u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014<\/p>\n mech_list: digest-md5<\/p>\n sasldb_path: \/etc\/sasldb2<\/p>\n create user test and give nova as password<\/p>\n \u2014\u2014\u2014<\/p>\n saslpasswd2 -a libvirt test<\/p>\n sasldblistusers2 -f \/etc\/sasldb2<\/p>\n enable libvirt client auto authenticate without prompt<\/strong><\/p>\n \u2014\u2014<\/p>\n \/etc\/libvirt\/auth.conf<\/p>\n \u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014<\/p>\n [credentials-defgrp]<\/p>\n authname<\/strong>=test<\/p>\n password=nova<\/p>\n [auth-libvirt-default]<\/p>\n credentials=defgrp<\/p>\n *restart both libvirt-bin & nova-compute *<\/p>\n test, should just work, with not prompt for user&password<\/p>\n virsh -c qemu+tcp:\/\/hostname_peer\/system hostname<\/p>\n =====================<\/p>\n ====TLS full validation ======<\/p>\n key tools<\/p>\n apt-get install gnutls-bin<\/p>\n \/etc\/nova\/nova.conf<\/p>\n \u2014\u2014\u2014\u2014\u2014\u2014<\/p>\n ..<\/p>\n [libvirt]<\/p>\n live_migration_uri = “qemu+tls:\/\/%s\/system”<\/p>\n ..<\/p>\n \/etc\/libvirt\/libvirtd.conf<\/p>\n \u2014\u2014\u2014\u2014\u2014\u2014<\/p>\n listen_tls = 1<\/p>\n tls_no_verify_certificate = 0<\/p>\n tls_no_verify_address = 0<\/p>\n listen_tcp = 0<\/p>\n unix_sock_group = “libvirt”<\/p>\n unix_sock_ro_perms = “0777”<\/p>\n unix_sock_rw<\/p>\n _perms = “0770”<\/p>\n auth_unix_ro = “none”<\/p>\n auth_unix_rw = “none”<\/p>\n auth_tls = \u201cnone\u201d<\/p>\n \/etc\/default\/libvirtd<\/p>\n \u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014<\/p>\n start_libvirtd=”yes”<\/p>\n libvirtd_opts=”-l”<\/p>\n generate key pairs & certs following<\/p>\n