live-migration: default auth-type to ssh, enforce better value checking

Bug #1431685 reported by Fabricio Costi
This bug affects 3 people
Affects                                  Status         Importance   Assigned to   Milestone
OpenStack Nova Compute Charm             Fix Released   Medium       Liam Young
juju-core                                Invalid        Undecided    Unassigned
nova-compute (Juju Charms Collection)    Invalid        Medium       Unassigned

Bug Description

nova.cfg >>
nova-compute:
    openstack-origin: cloud:trusty-juno
    enable-resize: true
    enable-live-migration: true
    migration-auth-type: "none"
    sysctl: '{ kernel.pid_max : 4194303 }'
    libvirt-image-backend: rbd

libvirtd.conf >>
#listen_tcp = 1
#auth_tcp = "sasl"

After running live-migration command, the log from the original host of a given vm:

/var/log/nova/nova-compute.log >>
2015-03-13 00:30:01.062 1796 ERROR nova.virt.libvirt.driver [-] [instance: 92e1fb07-1bbe-4209-a98d-bae5e1d6a36c] Live Migration failure: operation failed: Failed to connect to remote libvirt URI qemu+tcp://maas-pute-04/system: unable to connect to server at 'maas-pute-04:16509': Connection refused

After changing the config on the /var/lib/juju/agents/unit-nova-compute-1/charm/templates/libvirtd.conf to reflect the intended config (tcp_listen = 1 and auth_tcp = "none") and restarting the service, it throws a config-changed hook error. After running the config-changed hook, it works and I am able to live-migrate between the nodes with the correct config.

affects: nova → juju
affects: juju → juju-core
Aaron Bentley (abentley)
Changed in juju-core:
status: New → Invalid
James Page (james-page) wrote :

AFAIR the only auth-type supported by the charm is SSH - not using any type of auth was considered insecure so was not supported.

That said it feels like the charm could do better with enforcing that and providing feedback to charm users; even changing the default to 'ssh' would be better than the current situation we have where it's possible to enable live-migration and end up with a non-functional deployment.

Changed in nova-compute (Juju Charms Collection):
status: New → Triaged
importance: Undecided → Medium
summary: - juju nova-compute charm not enabling live-migration via tcp with auth
- set to none
+ live-migration: default auth-type to ssh, enforce better value checking
James Page (james-page)
Changed in charm-nova-compute:
importance: Undecided → Medium
status: New → Triaged
Changed in nova-compute (Juju Charms Collection):
status: Triaged → Invalid
Liam Young (gnuoy)
Changed in charm-nova-compute:
assignee: nobody → Liam Young (gnuoy)
Changed in charm-nova-compute:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-nova-compute (master)

Reviewed: https://review.openstack.org/506655
Committed: https://git.openstack.org/cgit/openstack/charm-nova-compute/commit/?id=1ce182bce77732cf7d9f7cd9c9ba1eaca0c969ab
Submitter: Jenkins
Branch: master

commit 1ce182bce77732cf7d9f7cd9c9ba1eaca0c969ab
Author: Liam Young <email address hidden>
Date: Fri Sep 22 13:25:42 2017 +0000

    Mark charm blocked for invalid migrations settings

    Previously if enable-live-migration was true and migration-auth-type
    was anything other than "ssh" then migration setup would be invalid.
    The change puts the charm in a blocked state to make it clear that
    the migration settings are not valid.

    Change-Id: I796b54e9a08e8eab5c2b316a2aff0b29ee7e6bd9
    Closes-Bug: #1431685
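
The check described in the commit message above, combined with an audit of the libvirtd.conf keys quoted in the bug description, as an added Python example. It is not the charm's own code: the function and constant names are hypothetical, and the sample input is constructed from the values in the report.

```python
import re

# Hypothetical names: the charm's real implementation is not shown on this page.
VALID_MIGRATION_AUTH_TYPES = ("ssh",)
_SETTING = re.compile(r'^\s*([A-Za-z_]+)\s*=\s*"?([^"#\n]*?)"?\s*(?:#.*)?$')


def parse_libvirtd_conf(text):
    """Return the active (uncommented) key/value settings in libvirtd.conf text."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out settings fall back to libvirt defaults
        m = _SETTING.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def assess_migration_config(charm_config, libvirtd_conf_text=""):
    """Return (workload_state, message) for the live-migration settings."""
    problems = []
    auth = charm_config.get("migration-auth-type")
    if charm_config.get("enable-live-migration") and auth not in VALID_MIGRATION_AUTH_TYPES:
        problems.append("migration-auth-type %r is not supported, use one of: %s"
                        % (auth, ", ".join(VALID_MIGRATION_AUTH_TYPES)))
    conf = parse_libvirtd_conf(libvirtd_conf_text)
    # A hand-edited template can open the libvirt TCP socket with no authentication.
    if conf.get("listen_tcp") == "1" and conf.get("auth_tcp") == "none":
        problems.append("libvirtd.conf exposes an unauthenticated TCP listener")
    if problems:
        return "blocked", "; ".join(problems)
    return "active", "live-migration settings are valid"


if __name__ == "__main__":
    # Constructed sample input mirroring the values in the bug description.
    cfg = {"enable-live-migration": True, "migration-auth-type": "none"}
    conf = '#listen_tcp = 1\n#auth_tcp = "sasl"\n'
    print(assess_migration_config(cfg, conf))
```
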

Changed in charm-nova-compute:
status: In Progress → Fix Committed
Changed in charm-nova-compute:
milestone: none → 17.11
James Page (james-page)
Changed in charm-nova-compute:
status: Fix Committed → Fix Released