live-migration: default auth-type to ssh, enforce better value checking
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Nova Compute Charm |
Fix Released
|
Medium
|
Liam Young | ||
juju-core |
Invalid
|
Undecided
|
Unassigned | ||
nova-compute (Juju Charms Collection) |
Invalid
|
Medium
|
Unassigned |
Bug Description
nova.cfg >>
nova-compute:
openstack-
enable-resize: true
enable-
migration-
sysctl: '{ kernel.pid_max : 4194303 }'
libvirt-
libvirtd.conf >>
#listen_tcp = 1
#auth_tcp = "sasl"
After running live-migration command, the log from the original host of a given vm:
/var/log/
2015-03-13 00:30:01.062 1796 ERROR nova.virt.
After changing the config on the /var/lib/
affects: | nova → juju |
affects: | juju → juju-core |
Changed in juju-core: | |
status: | New → Invalid |
Changed in charm-nova-compute: | |
importance: | Undecided → Medium |
status: | New → Triaged |
Changed in nova-compute (Juju Charms Collection): | |
status: | Triaged → Invalid |
Changed in charm-nova-compute: | |
assignee: | nobody → Liam Young (gnuoy) |
Changed in charm-nova-compute: | |
status: | Triaged → In Progress |
Changed in charm-nova-compute: | |
milestone: | none → 17.11 |
Changed in charm-nova-compute: | |
status: | Fix Committed → Fix Released |
AFAIR the only auth-type supported by the charm is SSH - not using any type of auth was considered insecure so was not supported.
That said it feels like the charm could do better with enforcing that and providing feedback to charm users; even changing the default to 'ssh' would be better than the current situation we have where its possible to enable live-migration and end up with a non-functional deployment.