OpenStack Compute (nova)

instance migration action shouldn't be allowed when there are existed VNC sessions

Bug #1240584 reported by Yaguang Tang on 2013-10-16

This bug affects 4 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Expired	Undecided	Unassigned

Bug Description

instance migration action shouldn't be allowed when there are existed VNC sessions .
when doing a migration, all vnc tokens will become invalid from the source server. this breaks the existed VNC session.

Tags:

Yaguang Tang (heut2008) on 2013-10-16

Changed in nova:
assignee:	nobody → Yaguang Tang (heut2008)

Matt Riedemann (mriedem) on 2013-11-23

Changed in nova:
assignee:	Yaguang Tang (heut2008) → nobody

Matt Riedemann (mriedem) on 2014-01-26

tags:

added: console

Michael H Wilson (geekinutah) on 2014-02-12

Changed in nova:
status:	New → Confirmed

Revision history for this message

Michael H Wilson (geekinutah) wrote on 2014-02-12:

I can reproduce this with a libvirt/kvm migration. The problem is that the vnc connection is handled by the qemu-kvm process. The migration takes care of migrating guest state but the vnc service is provided by the host. Since this is an admin initiated action I think we should probably fix this.

I guess you could, in the libvirt/kvm case, check and see if the process has an ESTABLISHED tcp connection. If there is one that is ESTABLISHED then we can die with an error like "There's someone using VNC". Note that this condition should be ignored in the evacuate case. We really aren't trying to be nice, we think hardware is going to fail or something so we want to move everyone off at emergency speed.

I know you can do this with ss in linux land, not sure about windows. More specifically, the tcp_diag module in the linux kernel is the one you need to ask. Alternatively you can consult /proc/net/tcp, but that is a quadratic lookup so use with care.

Abhishek Kekane (abhishek-kekane) on 2014-03-17

Changed in nova:
assignee:	nobody → Abhishek Kekane (abhishek-kekane)

Revision history for this message

Abhishek Kekane (abhishek-kekane) wrote on 2014-03-17:

Possible Solution:
A new parameter "force" will be added to the existing live migration api, if it's set to False and user is connected to the VNC console, it won't live migrate that vm.

If "force" parameter is set to True then even if user is connected to VNC console, live migration will be performed.

To detect whether users are connected to the vnc console or not, we can check if the vnc port is opened on the compute node where the vm is running using following command.

sudo netstat -pnt | awk '{print $4}' | egrep '^127.0.0.1:5900$’
127.0.0.1 : vncserver_listen parameter from nova.conf
5900: graphics port either for spice or vnc.

Claudiu Belu (cbelu) on 2015-06-02

Changed in nova:
assignee:	Abhishek Kekane (abhishek-kekane) → nobody

Revision history for this message

Markus Zoeller (markus_z) (mzoeller) wrote on 2016-07-05: Cleanup EOL bug report

This is an automated cleanup. This bug report has been closed because it
is older than 18 months and there is no open code change to fix this.
After this time it is unlikely that the circumstances which lead to
the observed issue can be reproduced.

If you can reproduce the bug, please:
* reopen the bug report (set to status "New")
* AND add the detailed steps to reproduce the issue (if applicable)
* AND leave a comment "CONFIRMED FOR: <RELEASE_NAME>"
Only still supported release names are valid (LIBERTY, MITAKA, OCATA, NEWTON).
Valid example: CONFIRMED FOR: LIBERTY

Changed in nova:
status:	Confirmed → Expired

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1287101

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.