Is there a plan for adding security to migration? It appears that one can push a domain to any Xen enabled host on the same subnet, thus gaining access to its block devices, etc on the destination host. It would be reasonable to have a xen.hosts.migrate.allow type file to grant access to hosts wishing to migrate domains into the local machine.
It might be useful to have "pre-migrate" mechanism that would validate the resources necessary to migrate a domain. This might send the domain config to the remote host and receive a descriptor detailing the load on the host and the viability of mem/devices needed to perform the migrate. This would help build clustering capabilities where a migration choice could be made based on load/resources.
After a successful migrate, there appears to be no persisted domain config on the destination. Seems like there should be a means to have the destination persist the config automatically on a successful migration, so that on host reboot or failure/recovery of the destination host, the migrated domain config is available. Without an automatic persist of the config, there might be a window where a domain could be lost (crash before an admin has a chance to observe the successful migrate and can extract or copy the config to the destination).
It might be useful to have "pre-migrate" mechanism that would validate the resources necessary to migrate a domain. This might send the domain config to the remote host and receive a descriptor detailing the load on the host and the viability of mem/devices needed to perform the migrate. This would help build clustering capabilities where a migration choice could be made based on load/resources.
After a successful migrate, there appears to be no persisted domain config on the destination. Seems like there should be a means to have the destination persist the config automatically on a successful migration, so that on host reboot or failure/recovery of the destination host, the migrated domain config is available. Without an automatic persist of the config, there might be a window where a domain could be lost (crash before an admin has a chance to observe the successful migrate and can extract or copy the config to the destination).