vTPM Live Migration
When Nova first added vTPM support, all non-spawn operations were
rejected [1] at the API level. Extra work was necessary to manage the
vTPM state file whe moving an instance. This work was eventually
completed for resize and cold migration, and those
operations were unblocked [2]. The live migration block has remained
in place to this day.
A TPM device is required for certain features [3] of Windows Server
2022 and 2025, most notably BitLocker Drive Encryption. The inability
to live migrate instances with vTPM is a major roadblock for anyone
operating Windows guests in an OpenStack cloud.
Libvirt support for vTPM live migration now exists, but Nova changes
are necessary before being able to remove the API block. This spec
describes those changes.
[1] https:/
[2] https:/
[3] https:/
Blueprint information
- Status:
- Not started
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Artom Lifshitz
- Direction:
- Needs approval
- Assignee:
- Artom Lifshitz
- Definition:
- New
- Series goal:
- None
- Implementation:
- Unknown
- Milestone target:
- None
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
WIP: vTPM live migration