|
Is there a plan for adding security to
migration? It appears that one can push a domain to any Xen enabled host
on the same subnet, thus gaining access to its block devices, etc on the
destination host. It would be reasonable to have a
xen.hosts.migrate.allow type file to grant access to hosts wishing to migrate
domains into the local machine.
It might be useful to have "pre-migrate" mechanism
that would validate the resources necessary to migrate a domain.
This might send the domain config to the remote host and receive a descriptor
detailing the load on the host and the viability of mem/devices needed to
perform the migrate. This would help build clustering capabilities
where a migration choice could be made based on load/resources.
After a successful migrate, there appears to be no
persisted domain config on the destination. Seems like there should
be a means to have the destination persist the config automatically on a
successful migration, so that on host reboot or failure/recovery of the
destination host, the migrated domain config is available.
Without an automatic persist of the config, there might be a window where a
domain could be lost (crash before an admin has a chance to observe the
successful migrate and can extract or copy the config to the
destination).
| 
