Red Hat Summit Red Hat SummitSuporteConsoleDesenvolvedoresComeçar um testeContato

Este conteúdo não está disponível no idioma selecionado.

Chapter 13. Live migration

13.1. About live migration
Copiar o link

Live migration is the process of moving a running virtual machine (VM) to another node in the cluster without interrupting the virtual workload. Live migration enables smooth transitions during cluster upgrades or any time a node needs to be drained for maintenance or configuration changes.

By default, live migration traffic is encrypted using Transport Layer Security (TLS).

13.1.1. Live migration requirements
Copiar o link

Live migration has the following requirements:

  • The cluster must have shared storage with ReadWriteMany (RWX) access mode.

  • The cluster must have sufficient RAM and network bandwidth.

    Note

    You must ensure that there is enough memory request capacity in the cluster to support node drains that result in live migrations. You can determine the approximate required spare memory by using the following calculation: 

    Product of (Maximum number of nodes that can drain in parallel) and (Highest total VM memory request allocations across nodes)
    Copy to Clipboard Toggle word wrap

    The default number of migrations that can run in parallel in the cluster is 5.

  • If a VM uses a host model CPU, the nodes must support the CPU.
  • Configuring a dedicated Multus network for live migration is highly recommended. A dedicated network minimizes the effects of network saturation on tenant workloads during migration.

13.1.2. About live migration permissions
Copiar o link

In OpenShift Virtualization 4.19 and later, live migration operations are restricted to users who are explicitly granted the kubevirt.io:migrate cluster role. Users with this role can create, delete, and update virtual machine (VM) live migration requests, which are represented by VirtualMachineInstanceMigration (VMIM) custom resources.

Cluster administrators can bind the kubevirt.io:migrate role to trusted users or groups at either the namespace or cluster level.

Before OpenShift Virtualization 4.19, namespace administrators had live migration permissions by default. This behavior changed in version 4.19 to prevent unintended or malicious disruptions to infrastructure-critical migration operations.

As a cluster administrator, you can preserve the old behavior by creating a temporary cluster role before updating. After assigning the new role to users, delete the temporary role to enforce the more restrictive permissions. If you have already updated, you can still revert to the old behavior by aggregating the kubevirt.io:migrate role into the admin cluster role.

13.1.3. Preserving pre-4.19 live migration permissions during update
Copiar o link

Before you update to OpenShift Virtualization 4.20, you can create a temporary cluster role to preserve the previous live migration permissions until you are ready for the more restrictive default permissions to take effect.

Prerequisites

  • The OpenShift CLI (oc) is installed.
  • You have cluster administrator permissions.

Procedure

  1. Before updating to OpenShift Virtualization 4.20, create a temporary ClusterRole object. For example: 

    apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin=true
    1 
    
  name: kubevirt.io:upgrademigrate
rules:
- apiGroups:
  - subresources.kubevirt.io
  resources:
  - virtualmachines/migrate
  verbs:
  - update
- apiGroups:
  - kubevirt.io
  resources:
  - virtualmachineinstancemigrations
  verbs:
  - get
  - delete
  - create
  - update
  - patch
  - list
  - watch
  - deletecollection
    Copy to Clipboard Toggle word wrap
    1
    This cluster role is aggregated into the admin role before you update OpenShift Virtualization. The update process does not modify it, ensuring the previous behavior is maintained.

  2. Add the cluster role manifest to the cluster by running the following command: 

    $ oc apply -f <cluster_role_file_name>.yaml
    Copy to Clipboard Toggle word wrap
  3. Update OpenShift Virtualization to version 4.20.

  4. Bind the kubevirt.io:migrate cluster role to trusted users or groups by running one of the following commands, replacing <namespace>, <first_user>, <second_user>, and <group_name> with your own values.

    • To bind the role at the namespace level, run the following command: 

      $ oc create -n <namespace> rolebinding kvmigrate --clusterrole=kubevirt.io:migrate --user=<first_user> --user=<second_user> --group=<group_name>
      Copy to Clipboard Toggle word wrap

    • To bind the role at the cluster level, run the following command: 

      $ oc create clusterrolebinding kvmigrate --clusterrole=kubevirt.io:migrate --user=<first_user> --user=<second_user> --group=<group_name>
      Copy to Clipboard Toggle word wrap

  5. When you have bound the kubevirt.io:migrate role to all necessary users, delete the temporary ClusterRole object by running the following command: 

    $ oc delete clusterrole kubevirt.io:upgrademigrate
    Copy to Clipboard Toggle word wrap

    After you delete the temporary cluster role, only users with the kubevirt.io:migrate role can create, delete, and update live migration requests.

13.1.4. Granting live migration permissions
Copiar o link

Grant trusted users or groups the ability to create, delete, and update live migration instances.

Prerequisites

  • The OpenShift CLI (oc) is installed.
  • You have cluster administrator permissions.

Procedure

  • (Optional) To change the default behavior so that namespace administrators always have permission to create, delete, and update live migrations, aggregate the kubevirt.io:migrate role into the admin cluster role by running the following command: 

    $ oc label --overwrite clusterrole kubevirt.io:migrate rbac.authorization.k8s.io/aggregate-to-admin=true
    Copy to Clipboard Toggle word wrap

  • Bind the kubevirt.io:migrate cluster role to trusted users or groups by running one of the following commands, replacing <namespace>, <first_user>, <second_user>, and <group_name> with your own values.

    • To bind the role at the namespace level, run the following command: 

      $ oc create -n <namespace> rolebinding kvmigrate --clusterrole=kubevirt.io:migrate --user=<first_user> --user=<second_user> --group=<group_name>
      Copy to Clipboard Toggle word wrap

    • To bind the role at the cluster level, run the following command: 

      $ oc create clusterrolebinding kvmigrate --clusterrole=kubevirt.io:migrate --user=<first_user> --user=<second_user> --group=<group_name>
      Copy to Clipboard Toggle word wrap

13.1.5. VM migration tuning
Copiar o link

You can adjust your cluster-wide live migration settings based on the type of workload and migration scenario. This enables you to control how many VMs migrate at the same time, the network bandwidth you want to use for each migration, and how long OpenShift Virtualization attempts to complete the migration before canceling the process. Configure these settings in the HyperConverged custom resource (CR).

If you are migrating multiple VMs per node at the same time, set a bandwidthPerMigration limit to prevent a large or busy VM from using a large portion of the node’s network bandwidth. By default, the bandwidthPerMigration value is 0, which means unlimited.

A large VM running a heavy workload (for example, database processing), with higher memory dirty rates, requires a higher bandwidth to complete the migration.

Note

Post copy mode, when enabled, triggers if the initial pre-copy phase does not complete within the defined timeout. During post copy, the VM CPUs pause on the source host while transferring the minimum required memory pages. Then the VM CPUs activate on the destination host, and the remaining memory pages transfer into the destination node at runtime. This can impact performance during the transfer.

Post copy mode should not be used for critical data, or with unstable networks.

13.1.6. Common live migration tasks
Copiar o link

You can perform the following live migration tasks:

13.1.7. Additional resources
Copiar o link

13.2. Configuring live migration
Copiar o link

You can configure live migration settings to ensure that the migration processes do not overwhelm the cluster.

You can configure live migration policies to apply different migration configurations to groups of virtual machines (VMs).

13.2.1. Configuring live migration limits and timeouts
Copiar o link

Configure live migration limits and timeouts for the cluster by updating the HyperConverged custom resource (CR), which is located in the openshift-cnv namespace.

Prerequisites

  • You have installed the OpenShift CLI (oc).

Procedure

  • Edit the HyperConverged CR and add the necessary live migration parameters: 

    $ oc edit hyperconverged kubevirt-hyperconverged -n openshift-cnv
    Copy to Clipboard Toggle word wrap

    Example configuration file

    apiVersion: hco.kubevirt.io/v1beta1
kind: HyperConverged
metadata:
  name: kubevirt-hyperconverged
  namespace: openshift-cnv
spec:
  liveMigrationConfig:
    bandwidthPerMigration: 64Mi
    1 
    
    completionTimeoutPerGiB: 800
    2 
    
    parallelMigrationsPerCluster: 5
    3 
    
    parallelOutboundMigrationsPerNode: 2
    4 
    
    progressTimeout: 150
    5 
    
    allowPostCopy: false
    6
    Copy to Clipboard Toggle word wrap

    1
    Bandwidth limit of each migration, where the value is the quantity of bytes per second. For example, a value of 2048Mi means 2048 MiB/s. Default: 0, which is unlimited.
    2
    The migration is canceled if it has not completed in this time, in seconds per GiB of memory. For example, a VM with 6GiB memory times out if it has not completed migration in 4800 seconds. If the Migration Method is BlockMigration, the size of the migrating disks is included in the calculation.
    3
    Number of migrations running in parallel in the cluster. Default: 5.
    4
    Maximum number of outbound migrations per node. Default: 2.
    5
    The migration is canceled if memory copy fails to make progress in this time, in seconds. Default: 150.
    6
    If a VM is running a heavy workload and the memory dirty rate is too high, this can prevent the migration from one node to another from converging. To prevent this, you can enable post copy mode. By default, allowPostCopy is set to false.
Note

You can restore the default value for any spec.liveMigrationConfig field by deleting that key/value pair and saving the file. For example, delete progressTimeout: <value> to restore the default progressTimeout: 150.

13.2.2. Configure live migration for heavy workloads
Copiar o link

When migrating a VM running a heavy workload (for example, database processing) with higher memory dirty rates, you need a higher bandwidth to complete the migration.

If the dirty rate is too high, the migration from one node to another does not converge. To prevent this, enable post copy mode.

Post copy mode triggers if the initial pre-copy phase does not complete within the defined timeout. During post copy, the VM CPUs pause on the source host while transferring the minimum required memory pages. Then the VM CPUs activate on the destination host, and the remaining memory pages transfer into the destination node at runtime.

Configure live migration for heavy workloads by updating the HyperConverged custom resource (CR), which is located in the openshift-cnv namespace.

Prerequisites

  • You have installed the OpenShift CLI (oc).

Procedure

  1. Edit the HyperConverged CR and add the necessary parameters for migrating heavy workloads: 

    $ oc edit hyperconverged kubevirt-hyperconverged -n openshift-cnv
    Copy to Clipboard Toggle word wrap

    Example configuration file

    apiVersion: hco.kubevirt.io/v1beta1
kind: HyperConverged
metadata:
  name: kubevirt-hyperconverged
  namespace: openshift-cnv
spec:
  liveMigrationConfig:
    bandwidthPerMigration: 0Mi
    1 
    
    completionTimeoutPerGiB: 150
    2 
    
    parallelMigrationsPerCluster: 5
    3 
    
    parallelOutboundMigrationsPerNode: 1
    4 
    
    progressTimeout: 150
    5 
    
    allowPostCopy: true
    6
    Copy to Clipboard Toggle word wrap

    1
    Bandwidth limit of each migration, where the value is the quantity of bytes per second. The default is 0, which is unlimited.
    2
    The migration is canceled if it is not completed in this time, and triggers post copy mode, when post copy is enabled. This value is measured in seconds per GiB of memory. You can lower completionTimeoutPerGiB to trigger post copy mode earlier in the migration process, or raise the completionTimeoutPerGiB to trigger post copy mode later in the migration process.
    3
    Number of migrations running in parallel in the cluster. The default is 5. Keeping the parallelMigrationsPerCluster setting low is better when migrating heavy workloads.
    4
    Maximum number of outbound migrations per node. Configure a single VM per node for heavy workloads.
    5
    The migration is canceled if memory copy fails to make progress in this time. This value is measured in seconds. Increase this parameter for large memory sizes running heavy workloads.
    6
    Use post copy mode when memory dirty rates are high to ensure the migration converges. Set allowPostCopy to true to enable post copy mode.
  2. Optional: If your main network is too busy for the migration, configure a secondary, dedicated migration network.
Note

Post copy mode can impact performance during the transfer, and should not be used for critical data, or with unstable networks.

13.2.4. Live migration policies
Copiar o link

You can create live migration policies to apply different migration configurations to groups of VMs that are defined by VM or project labels.

Tip

You can create live migration policies by using the OpenShift Container Platform web console.

13.2.4.1. Creating a live migration policy by using the CLI
Copiar o link

You can create a live migration policy by using the command line. KubeVirt applies the live migration policy to selected virtual machines (VMs) by using any combination of labels:

  • VM labels such as size, os, or gpu
  • Project labels such as priority, bandwidth, or hpc-workload

For the policy to apply to a specific group of VMs, all labels on the group of VMs must match the labels of the policy.

Note

If multiple live migration policies apply to a VM, the policy with the greatest number of matching labels takes precedence.

If multiple policies meet this criteria, the policies are sorted by alphabetical order of the matching label keys, and the first one in that order takes precedence.

Prerequisites

  • You have installed the OpenShift CLI (oc).

Procedure

  1. Edit the VM object to which you want to apply a live migration policy, and add the corresponding VM labels.

    1. Open the YAML configuration of the resource: 

      $ oc edit vm <vm_name>
      Copy to Clipboard Toggle word wrap

    2. Adjust the required label values in the .spec.template.metadata.labels section of the configuration. For example, to mark the VM as a production VM for the purposes of migration policies, add the kubevirt.io/environment: production line: 

      apiVersion: migrations.kubevirt.io/v1alpha1
kind: VirtualMachine
metadata:
  name: <vm_name>
  namespace: default
  labels:
    app: my-app
    environment: production
spec:
  template:
    metadata:
      labels:
        kubevirt.io/domain: <vm_name>
        kubevirt.io/size: large
        kubevirt.io/environment: production
# ...
      Copy to Clipboard Toggle word wrap
    3. Save and exit the configuration.

  2. Configure a MigrationPolicy object with the corresponding labels. The following example configures a policy that applies to all VMs that are labeled as production: 

    apiVersion: migrations.kubevirt.io/v1alpha1
kind: MigrationPolicy
metadata:
  name: <migration_policy>
spec:
  selectors:
    namespaceSelector:
    1 
    
      hpc-workloads: "True"
      xyz-workloads-type: ""
    virtualMachineInstanceSelector:
    2 
    
      kubevirt.io/environment: "production"
    Copy to Clipboard Toggle word wrap
    1
    Specify project labels.
    2
    Specify VM labels.

  3. Create the migration policy by running the following command: 

    $ oc create -f <migration_policy>.yaml
    Copy to Clipboard Toggle word wrap

13.2.5. Migrating a VM to a specific node
Copiar o link

You can migrate a running virtual machine (VM) to a specific subset of nodes by using the addedNodeSelector field on the VirtualMachineInstanceMigration object. This field lets you apply additional node selection rules for a one-time migration attempt, without affecting the VM configuration or future migrations.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.
  • The VM you want to migrate is running.
  • You have identified the labels of the target nodes. Multiple labels can be specified and are combined with logical AND.
  • The oc CLI tool is installed.

Procedure

  1. Create a migration manifest YAML file. For example: 

    apiVersion: kubevirt.io/v1
kind: VirtualMachineInstanceMigration
metadata:
  name: migration-job
spec:
  vmiName: vmi-fedora
  addedNodeSelector:
    accelerator: gpu-enabled23
    kubernetes.io/hostname: "ip-172-28-114-199.example"
    Copy to Clipboard Toggle word wrap

    where:

    vmiName
    Specifies the name of the running VM (for example, vmi-fedora).
    addedNodeSelector
    Specifies additional constraints for selecting the target node.

  2. Apply the manifest to the cluster by running the following command: 

    $ oc apply -f <file_name>.yaml
    Copy to Clipboard Toggle word wrap

    If no nodes satisfy the constraints, the migration is declared a failure after a timeout. The VM remains unaffected.

13.3. Initiating and canceling live migration
Copiar o link

You can initiate the live migration of a virtual machine (VM) to another node by using the OpenShift Container Platform web console or the command line.

You can cancel a live migration by using the web console or the command line. The VM remains on its original node.

Tip

You can also initiate and cancel live migration by using the virtctl migrate <vm_name> and virtctl migrate-cancel <vm_name> commands.

13.3.1. Initiating live migration
Copiar o link

13.3.1.1. Initiating live migration by using the web console
Copiar o link

You can live migrate a running virtual machine (VM) to a different node in the cluster by using the OpenShift Container Platform web console.

Note

The Migrate action is visible to all users but only cluster administrators can initiate a live migration.

Prerequisites

  • You have the kubevirt.io:migrate RBAC role or you are a cluster administrator.
  • The VM is migratable.
  • If the VM is configured with a host model CPU, the cluster has an available node that supports the CPU model.

Procedure

  1. Navigate to Virtualization VirtualMachines in the web console.

  2. Take either of the following steps:

    • Click the Options menu kebab beside the VM you want to migrate, hover over the Migrate option, and select Compute.
    • Open the VM details page of the VM you want to migrate, click the Actions menu, hover over the Migrate option, and select Compute.

  3. In the Migrate Virtual Machine to a different Node dialog box, select either Automatically Selected Node or Specific Node.

    1. If you selected the Specific Node option, choose a node from the list.
  4. Click Migrate Virtual Machine.

13.3.1.2. Initiating live migration by using the CLI
Copiar o link

You can initiate the live migration of a running virtual machine (VM) by using the command line to create a VirtualMachineInstanceMigration object for the VM.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You have the kubevirt.io:migrate RBAC role or you are a cluster administrator.

Procedure

  1. Create a VirtualMachineInstanceMigration manifest for the VM that you want to migrate: 

    apiVersion: kubevirt.io/v1
kind: VirtualMachineInstanceMigration
metadata:
  name: <migration_name>
spec:
  vmiName: <vm_name>
    Copy to Clipboard Toggle word wrap

  2. Create the object by running the following command: 

    $ oc create -f <migration_name>.yaml
    Copy to Clipboard Toggle word wrap

    The VirtualMachineInstanceMigration object triggers a live migration of the VM. This object exists in the cluster for as long as the virtual machine instance is running, unless manually deleted.

Verification

  • Obtain the VM status by running the following command: 

    $ oc describe vmi <vm_name> -n <namespace>
    Copy to Clipboard Toggle word wrap

    Example output

    # ...
Status:
  Conditions:
    Last Probe Time:       <nil>
    Last Transition Time:  <nil>
    Status:                True
    Type:                  LiveMigratable
  Migration Method:  LiveMigration
  Migration State:
    Completed:                    true
    End Timestamp:                2018-12-24T06:19:42Z
    Migration UID:                d78c8962-0743-11e9-a540-fa163e0c69f1
    Source Node:                  node2.example.com
    Start Timestamp:              2018-12-24T06:19:35Z
    Target Node:                  node1.example.com
    Target Node Address:          10.9.0.18:43891
    Target Node Domain Detected:  true
    Copy to Clipboard Toggle word wrap

13.3.2. Canceling live migration
Copiar o link

13.3.2.1. Canceling live migration by using the web console
Copiar o link

You can cancel the live migration of a virtual machine (VM) by using the OpenShift Container Platform web console.

Prerequisites

  • You have the kubevirt.io:migrate RBAC role or you are a cluster administrator.

Procedure

  1. Navigate to Virtualization VirtualMachines in the web console.
  2. Select Cancel Migration on the Options menu kebab beside a VM.

13.3.2.2. Canceling live migration by using the CLI
Copiar o link

Cancel the live migration of a virtual machine by deleting the VirtualMachineInstanceMigration object associated with the migration.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You have the kubevirt.io:migrate RBAC role or you are a cluster administrator.

Procedure

  • Delete the VirtualMachineInstanceMigration object that triggered the live migration, migration-job in this example: 

    $ oc delete vmim migration-job
    Copy to Clipboard Toggle word wrap
Voltar ao topo
Red Hat logoGithubredditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar. Explore nossas atualizações recentes.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja o Blog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

Theme

© 2025 Red Hat