live migration is failing with libvirt >= 6.8.0
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Invalid
|
Undecided
|
Unassigned | ||
tripleo |
Fix Released
|
Undecided
|
Martin Schuppert |
Bug Description
With libvirt 6.8.0 introduced virt-ssh-helper:
+ * remote: ``virt-ssh-helper`` replaces ``nc`` for SSH tunnelling
+
+ Libvirt now provides a ``virt-ssh-helper`` binary on the server
+ side. The libvirt remote client will use this binary for setting
+ up an SSH tunnelled connection to hosts. If not present, it will
+ transparently fallback to the traditional ``nc`` tunnel. The new
+ binary makes it possible for libvirt to transparently connect
+ across hosts even if libvirt is built with a different installation
+ prefix on the client vs server. It also enables remote access to
+ the unprivileged per-user libvirt daemons(eg using a URI such as
+ ``qemu+
+ ``virt-ssh-helper`` is present in $PATH of the remote host.
Libvirt first checks for the `virt-ssh-helper` binary, if it's not present,
then it falls back to `nc`.
The code where the 'nova-migration
"nc" binary is here[1]
libvirt used to first check for `nc` (netcat). But these two libvirt
commits[2][3] -- which are present in the libvirt build used in this
bug -- have now changed it to first look for `virt-ssh-helper`, if it
not available, then fall back to `nc`.
The nova-migration-
the connection.
Mar 08 16:52:39 overcloud-
A possible workaround is to force-use "netcat" (`nc`) by appending to the
migration URI: "&proxy=netcat", so the `diff` of the URL:
- qemu+ssh://<email address hidden>
+ qemu+ssh://<email address hidden>
But longer term we want to allow the virt-ssh-helper, because that's needed
to work properly with the split daemons as the socket path has changed
[1] https:/
[2] https:/
use new virt-ssh-helper binary for remote tunnelling, 2020-07-08)
[3] https:/
Fix virt-ssh-helper detection, 2020-10-27)
Changed in tripleo: | |
assignee: | nobody → Martin Schuppert (mschuppert) |
status: | New → In Progress |
description: | updated |
tags: | added: train-backport-potential |
description: | updated |
Changed in tripleo: | |
status: | In Progress → Fix Released |
@Martin: You reported this against the upstream nova project but you are linking to the RDO specific nova wrapper code. Is the reported problem really affects the upstream nova project?
I'm marking this Invalid from upstream nova perspective. If you disagree then please set it back to New and help us pointing to the fault in upstream nova.