Rate This Document
Findability
Accuracy
Completeness
Readability

Running migcvm-agent on migcvm

  1. On the source and peer servers, add the migvm-cap=migvm parameter to the QEMU XML configuration file of the migvm cVM to enable the migvm migration function, and specify the VSOCK and CID for communication.
      <qemu:commandline>
        <qemu:arg value='-object'/>
        <qemu:arg value='tmm-guest,id=tmm0,sve-vector-length=128,num-pmu-counters=1,migvm-cap=migvm'/>
      </qemu:commandline>
      <vsock model='virtio'>
        <cid auto='no' address='8'/>
      </vsock>

    The CID address may be randomly allocated by the cloud management platform. Since the host kernel CID is 2, the platform allocates a CID greater than 2 to prevent conflicts between the VM CID and the system.

  2. After the configuration is complete, start the migvm VM by following instructions in Configuring cVMs.
  3. Download virtCCA_sdk, install it on the migvm, and obtain the RIM values of the source and peer servers. For details about how to obtain the RIM values, see the gen_rim_ref tool description in Enabling Remote Attestation.
    1. Pull the master branch code of the organization repository.
      git clone https://atomgit.com/openeuler/virtCCA_sdk.git --depth 10
    2. Compile and install dependencies based on GitCode. (If QCBOR, t_cose, and libcbor already exist in the environment, skip this step.)
      cd migcvm-agent/
      git clone https://github.com/inclavare-containers/rats-tls.git
      cd rats-tls
      git reset --hard 40f7b78403d75d13b1a372c769b2600f62b02692
      git apply ../../attestation/rats-tls/*.patch
      bash build.sh -s -r -c -v gcc
      cp -rf output/lib/rats-tls /usr/lib/
      cp -rfL output/lib/rats-tls/librats_tls.so.0 /lib64/
      cd -
      bash ./build.sh
      # Place the compilation product migcvm-agent to mig-cvm.
      cp build/migcvm-agent   ${CVM_PATH}/home/
    3. Deploy the certificate in the directory where migcvm-agent is located. For details, see Enabling Remote Attestation.
  4. Before the migration, perform remote attestation to ensure that the RIM values on the source and peer servers are the same.
    1. Log in to the source VM and verify the RIM value of the peer server.
      virsh console migvm-src
      cd ${CVM_PATH}/home
      ./migcvm-agent  -c <remote migcvm listening IP address>
    2. Log in to the migvm VM on the peer server and verify the RIM value of the source server.
      virsh console migvm-dst
      cd ${CVM_PATH}/home
      ./migcvm-agent  -c <remote migcvm listening IP address>

      The -c option is not required if cvm-miguri has been set during the migration in Step 3 of section 4.11.3.