live migration (block migration) _post_live_migration may run with an expired token
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Expired
|
Undecided
|
Unassigned |
Bug Description
A live migration of a large instance can take an arbitrarily long period of time.
Once the underlying driver calls nova.compute.
These calls fall into two categories. The first are ones that gather information - that information may, potentially, be gathered earlier on as a part of the pre-migration step.
However, some of these calls (which run on both the source and destination) ask other components to actually perform some state changes - block device mappings and/or network state changes.
There are a number of approaches which might be taken to remedy this. For instance, keystone might be given the ability to spawn long-lived, one-shot tokens that can be renewed without the underlying credentials; the live migration process then needs to spawn and keep those tokens alive while it waits.
Alternatively, the services that migration depends upon (block migration, network migration) could be aught about the live migration lifecycle explicitly. (This is not a bad idea anyway.) They can use the partial setup registered as a part of the pre-migration to authorise the post-migration step - however, the nova layer would still need to credential the api requests it makes to complete the live migration process.
Finally, the nova layer could be given not only neutron but also cinder admin credentials, which it uses for the post-migration stage.
tags: | added: compute |
Changed in nova: | |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in nova: | |
status: | Triaged → Confirmed |
Changed in nova: | |
assignee: | nobody → Timofey Durakov (tdurakov) |
tags: | added: live-migrate |
Changed in nova: | |
assignee: | Timofey Durakov (tdurakov) → nobody |
tags: |
added: live-migration removed: live-migrate |
Changed in nova: | |
assignee: | nobody → lvmxh (shaohef) |
Changed in nova: | |
assignee: | lvmxh (shaohef) → nobody |
Will be addressed by:
https:/ /blueprints. launchpad. net/nova/ +spec/refresh- abort-live- migration