OpenStack Nova Compute Charm

  1. Bug #2039551
  2. Activity log

Activity log for bug #2039551

Date Who What changed Old value New value Message
2023-10-17 09:36:35 Giuseppe Petralia bug added bug
2023-10-17 09:54:02 Giuseppe Petralia description On CIS hardened environments, root login is disabled in /etc/ssh/sshd_config with: PermitRootLogin no that makes live migrations failing regardless VMs are on shared storage or not. The error is: ``` 2023-10-17 08:34:42.602 3904 ERROR nova.virt.libvirt.driver [-] [instance: 67ba8b07-22b7-4d4b-bf47-2a15d3f4bc45] Live Migration failure: Cannot recv data: Authorized uses only. All activity may be monitored and reported. root@10.169.130.23: Permission denied (publickey).: Connection reset by peer: libvirt.libvirtError: Cannot recv data: Authorized uses only. All activity may be monitored and reported. 2023-10-17 08:34:42.815 3904 WARNING nova.compute.manager [req-bf622559-f199-4a2d-948f-3962bf686c4d 56b7446f04fa446ca90b1599c729bbe6 c86bb3408a9743f3989b76007787e089 - 4addaf4e7f7d4915bf2387f12bd2b42b 4addaf4e7f7d4915bf2387f12bd2b42b] [instance: 67ba8b07-22b7-4d4b-bf47-2a15d3f4bc45] Received unexpected event network-vif-plugged-b2d4198a-54c2-478d-aa85-39453475a78e for instance with vm_state active and task_state migrating. 2023-10-17 08:34:43.014 3904 ERROR nova.virt.libvirt.driver [-] [instance: 67ba8b07-22b7-4d4b-bf47-2a15d3f4bc45] Migration operation has aborted 2023-10-17 08:34:43.034 3904 ERROR nova.compute.manager [-] [instance: 67ba8b07-22b7-4d4b-bf47-2a15d3f4bc45] Did not find resource allocations for migration 5413f94a-aaac-4359-82b5-81976c0d1c0d on source node compute-9.domain. Unable to revert source node allocations back to the instance. ``` Charm should override that settings adding a config to /etc/ssh/sshd_config.d with something like ``` PermitRootLogin yes Allowusers root@<libvirt-migration-network> ``` On CIS hardened environments, root login is disabled in /etc/ssh/sshd_config with: PermitRootLogin no that makes live migrations failing regardless VMs are on shared storage or not. The error is: ``` 2023-10-17 08:34:42.602 3904 ERROR nova.virt.libvirt.driver [-] [instance: 67ba8b07-22b7-4d4b-bf47-2a15d3f4bc45] Live Migration failure: Cannot recv data: Authorized uses only. All activity may be monitored and reported. root@10.10.10.23: Permission denied (publickey).: Connection reset by peer: libvirt.libvirtError: Cannot recv data: Authorized uses only. All activity may be monitored and reported. 2023-10-17 08:34:42.815 3904 WARNING nova.compute.manager [req-bf622559-f199-4a2d-948f-3962bf686c4d 56b7446f04fa446ca90b1599c729bbe6 c86bb3408a9743f3989b76007787e089 - 4addaf4e7f7d4915bf2387f12bd2b42b 4addaf4e7f7d4915bf2387f12bd2b42b] [instance: 67ba8b07-22b7-4d4b-bf47-2a15d3f4bc45] Received unexpected event network-vif-plugged-b2d4198a-54c2-478d-aa85-39453475a78e for instance with vm_state active and task_state migrating. 2023-10-17 08:34:43.014 3904 ERROR nova.virt.libvirt.driver [-] [instance: 67ba8b07-22b7-4d4b-bf47-2a15d3f4bc45] Migration operation has aborted 2023-10-17 08:34:43.034 3904 ERROR nova.compute.manager [-] [instance: 67ba8b07-22b7-4d4b-bf47-2a15d3f4bc45] Did not find resource allocations for migration 5413f94a-aaac-4359-82b5-81976c0d1c0d on source node compute-9.domain. Unable to revert source node allocations back to the instance. ``` Charm should override that settings adding a config to /etc/ssh/sshd_config.d with something like ``` PermitRootLogin yes Allowusers root@<libvirt-migration-network> ```
2023-10-17 10:21:08 Giuseppe Petralia description On CIS hardened environments, root login is disabled in /etc/ssh/sshd_config with: PermitRootLogin no that makes live migrations failing regardless VMs are on shared storage or not. The error is: ``` 2023-10-17 08:34:42.602 3904 ERROR nova.virt.libvirt.driver [-] [instance: 67ba8b07-22b7-4d4b-bf47-2a15d3f4bc45] Live Migration failure: Cannot recv data: Authorized uses only. All activity may be monitored and reported. root@10.10.10.23: Permission denied (publickey).: Connection reset by peer: libvirt.libvirtError: Cannot recv data: Authorized uses only. All activity may be monitored and reported. 2023-10-17 08:34:42.815 3904 WARNING nova.compute.manager [req-bf622559-f199-4a2d-948f-3962bf686c4d 56b7446f04fa446ca90b1599c729bbe6 c86bb3408a9743f3989b76007787e089 - 4addaf4e7f7d4915bf2387f12bd2b42b 4addaf4e7f7d4915bf2387f12bd2b42b] [instance: 67ba8b07-22b7-4d4b-bf47-2a15d3f4bc45] Received unexpected event network-vif-plugged-b2d4198a-54c2-478d-aa85-39453475a78e for instance with vm_state active and task_state migrating. 2023-10-17 08:34:43.014 3904 ERROR nova.virt.libvirt.driver [-] [instance: 67ba8b07-22b7-4d4b-bf47-2a15d3f4bc45] Migration operation has aborted 2023-10-17 08:34:43.034 3904 ERROR nova.compute.manager [-] [instance: 67ba8b07-22b7-4d4b-bf47-2a15d3f4bc45] Did not find resource allocations for migration 5413f94a-aaac-4359-82b5-81976c0d1c0d on source node compute-9.domain. Unable to revert source node allocations back to the instance. ``` Charm should override that settings adding a config to /etc/ssh/sshd_config.d with something like ``` PermitRootLogin yes Allowusers root@<libvirt-migration-network> ``` On CIS hardened environments, root login is disabled in /etc/ssh/sshd_config with: PermitRootLogin no that makes live migrations failing regardless VMs are on shared storage or not. The error is: ``` 2023-10-17 08:34:42.602 3904 ERROR nova.virt.libvirt.driver [-] [instance: 67ba8b07-22b7-4d4b-bf47-2a15d3f4bc45] Live Migration failure: Cannot recv data: Authorized uses only. All activity may be monitored and reported. root@10.10.10.23: Permission denied (publickey).: Connection reset by peer: libvirt.libvirtError: Cannot recv data: Authorized uses only. All activity may be monitored and reported. 2023-10-17 08:34:42.815 3904 WARNING nova.compute.manager [req-bf622559-f199-4a2d-948f-3962bf686c4d 56b7446f04fa446ca90b1599c729bbe6 c86bb3408a9743f3989b76007787e089 - 4addaf4e7f7d4915bf2387f12bd2b42b 4addaf4e7f7d4915bf2387f12bd2b42b] [instance: 67ba8b07-22b7-4d4b-bf47-2a15d3f4bc45] Received unexpected event network-vif-plugged-b2d4198a-54c2-478d-aa85-39453475a78e for instance with vm_state active and task_state migrating. 2023-10-17 08:34:43.014 3904 ERROR nova.virt.libvirt.driver [-] [instance: 67ba8b07-22b7-4d4b-bf47-2a15d3f4bc45] Migration operation has aborted 2023-10-17 08:34:43.034 3904 ERROR nova.compute.manager [-] [instance: 67ba8b07-22b7-4d4b-bf47-2a15d3f4bc45] Did not find resource allocations for migration 5413f94a-aaac-4359-82b5-81976c0d1c0d on source node compute-9.domain. Unable to revert source node allocations back to the instance. ``` Charm should override that settings adding a config to /etc/ssh/sshd_config.d with something like ``` PermitRootLogin yes Allowusers root@<libvirt-migration-network-ip> ```
2023-10-17 13:04:26 Nobuto Murata bug added subscriber Nobuto Murata
2023-10-17 14:57:18 Przemyslaw Hausman tags cis-hardening