Search

CN-115220867-B - Migration method, device, equipment and medium of virtual machine

CN115220867BCN 115220867 BCN115220867 BCN 115220867BCN-115220867-B

Abstract

The application discloses a migration method, a migration device, migration equipment and migration media of a virtual machine, and belongs to the technical field of servers; the method comprises the steps of designating a target computing node for deploying a target libvirt container image in OpenStack, judging whether the target libvirt container image needs to execute migration operation by using a national cryptographic algorithm according to a global configuration file, if so, generating a central certificate according to the national cryptographic algorithm, storing the corresponding relation between the target computing node and the central certificate to a libvirt pod, generating a client certificate and a server certificate according to the central certificate, and storing each certificate to a designated directory so as to deploy the target libvirt container image on the target computing node. By the method, the safety and reliability of the virtual machine in the migration process can be further ensured.

Inventors

  • WU XINCHAO
  • LI HONGWEI

Assignees

  • 济南浪潮数据技术有限公司

Dates

Publication Date
20260512
Application Date
20220630

Claims (9)

  1. 1. A method for migrating a virtual machine, comprising: when OpenStack is about to execute virtual machine migration operation, acquiring a target libvirt container image, wherein the target libvirt container image is a container image supporting a national cryptographic algorithm; A target computing node for deploying the target libvirt container image is appointed in the OpenStack, and whether the target libvirt container image needs to execute migration operation by utilizing the cryptographic algorithm is judged according to a global configuration file; If yes, a central certificate is generated according to the national encryption algorithm, and the corresponding relation between the target computing node and the central certificate is stored to a libvirt pod; Generating a client certificate and a server certificate according to the central certificate, and storing the central certificate, the client certificate and the server certificate to a specified directory to deploy the target libvirt container image on the target computing node; the construction process of the target libvirt container mirror image comprises the following steps: and selecting a container base mirror image, and installing a libvirt code and a national encryption algorithm data packet in the container base mirror image to obtain the target libvirt container mirror image.
  2. 2. The migration method of claim 1, wherein after the process of obtaining the target libvirt container image, further comprising: And storing the target libvirt container image to an image warehouse of the OpenStack.
  3. 3. The migration method of claim 1, wherein the process of generating a central certificate according to the cryptographic algorithm and storing the correspondence between the target computing node and the central certificate to libvirt pod comprises: If the number of the target computing nodes is a plurality of, starting a libvirt job on any one of the target computing nodes, and generating a central certificate according to the cryptographic algorithm; And distributing the central certificate to each computing node of the target computing node, and storing the corresponding relation between each computing node and the central certificate to the libvirt pod.
  4. 4. The migration method of claim 1, wherein the process of generating the central certificate according to the cryptographic algorithm comprises: creating a central certificate template according to the national encryption algorithm, and generating a central certificate private key according to the central certificate template; and generating the central certificate according to the central certificate private key.
  5. 5. The migration method of claim 1, wherein after the process of determining whether the target libvirt container image needs to perform the migration operation by using the cryptographic algorithm according to the global profile, further comprises: If not, the target libvirt container mirror image is directly deployed on the target computing node.
  6. 6. The migration method of any one of claims 1 to 5, wherein the process of specifying a target computing node deploying the target libvirt container image in the OpenStack comprises: and designating the target computing node deploying the target libvirt container image in the OpenStack by utilizing an inventory file.
  7. 7. A migration apparatus for a virtual machine, comprising: The system comprises an image acquisition module, a storage module and a storage module, wherein the image acquisition module is used for acquiring a target libvirt container image when OpenStack is to execute virtual machine migration operation, wherein the target libvirt container image is a container image supporting a cryptographic algorithm; the migration judging module is used for appointing a target computing node for deploying the target libvirt container image in the OpenStack and judging whether the target libvirt container image needs to execute migration operation by utilizing the cryptographic algorithm or not according to a global configuration file; The relation storage module is used for generating a central certificate according to the national cryptographic algorithm when the judging result of the migration judging module is yes, and storing the corresponding relation between the target computing node and the central certificate to a libvirt pod; The mirror image deployment module is used for generating a client certificate and a server certificate according to the central certificate, and storing the central certificate, the client certificate and the server certificate into a specified directory so as to deploy the target libvirt container mirror image on the target computing node; the construction process of the target libvirt container mirror image comprises the following steps: and selecting a container base mirror image, and installing a libvirt code and a national encryption algorithm data packet in the container base mirror image to obtain the target libvirt container mirror image.
  8. 8. A migration apparatus for a virtual machine, comprising: A memory for storing a computer program; A processor for implementing the steps of a method for migration of a virtual machine according to any one of claims 1 to 6 when executing said computer program.
  9. 9. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of a migration method of a virtual machine according to any of claims 1 to 6.

Description

Migration method, device, equipment and medium of virtual machine Technical Field The present invention relates to the field of server technologies, and in particular, to a migration method, apparatus, device, and medium for a virtual machine. Background OpenStack is an open source platform which aims at providing software services for the construction and management of public and private clouds, and is quite widely applied in various industries due to stable performance and strong expandability. In the prior art, when the OpenStack migrates a virtual machine, an AES (Advanced Encryption Standard ) encryption algorithm or an RSA encryption algorithm is generally used for migrating the virtual machine, but the encryption key of the AES encryption algorithm is short, the operation speed is slow, the encryption and decryption efficiency of the RSA encryption algorithm is low, and the OpenStack is only suitable for micro data processing, so that the virtual machine cannot resist strong attack of illegal molecules in the migration process, and thus, the migration process of the virtual machine has great potential safety hazard. Therefore, how to further ensure the security and reliability of the virtual machine in the migration process is a technical problem to be solved by those skilled in the art. Disclosure of Invention The invention aims to provide a migration method, device, equipment and medium of a virtual machine, so as to further ensure the safety and reliability of the virtual machine in the migration process. In order to solve the technical problems, the present invention provides a migration method of a virtual machine, including: when OpenStack is about to execute virtual machine migration operation, acquiring a target libvirt container image, wherein the target libvirt container image is a container image supporting a national cryptographic algorithm; A target computing node for deploying the target libvirt container image is appointed in the OpenStack, and whether the target libvirt container image needs to execute migration operation by utilizing the cryptographic algorithm is judged according to a global configuration file; If yes, a central certificate is generated according to the national encryption algorithm, and the corresponding relation between the target computing node and the central certificate is stored to a libvirt pod; And generating a client certificate and a server certificate according to the central certificate, and storing the central certificate, the client certificate and the server certificate to a specified directory so as to deploy the target libvirt container mirror image on the target computing node. Preferably, the construction process of the target libvirt container mirror image includes: and selecting a container base mirror image, and installing a libvirt code and a national encryption algorithm data packet in the container base mirror image to obtain the target libvirt container mirror image. Preferably, after the process of obtaining the target libvirt container image, the method further includes: And storing the target libvirt container image to an image warehouse of the OpenStack. Preferably, the process of generating a central certificate according to the cryptographic algorithm and storing the correspondence between the target computing node and the central certificate to a libvirt pod includes: If the number of the target computing nodes is a plurality of, starting a libvirt job on any one of the target computing nodes, and generating a central certificate according to the cryptographic algorithm; And distributing the central certificate to each computing node of the target computing node, and storing the corresponding relation between each computing node and the central certificate to the libvirt pod. Preferably, the process of generating the central certificate according to the cryptographic algorithm includes: creating a central certificate template according to the national encryption algorithm, and generating a central certificate private key according to the central certificate template; and generating the central certificate according to the central certificate private key. Preferably, after the process of determining whether the target libvirt container image needs to execute the migration operation by using the cryptographic algorithm according to the global configuration file, the method further includes: If not, the target libvirt container mirror image is directly deployed on the target computing node. Preferably, the process of designating a target computing node for deploying the target libvirt container image in the OpenStack includes: and designating the target computing node deploying the target libvirt container image in the OpenStack by utilizing an inventory file. In order to solve the technical problem, the present invention further provides a migration apparatus for a virtual machine, including: The system comprises an image acquisition m