OpenStack Compute (nova)

Nova doesn't update vnc listen address during migration with libvirt

Bug #1262450 reported by Dmitry Borodaenko
36
This bug affects 6 people
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
High
Solly Ross
OpenStack Compute (nova) 2014.2 "juno"

Bug Description

Nova should update VNC listen address in libvirt.xml to the destination node's vncserver_listen setting on completing migration. Without that, the only way to make VMs accessible over VNC after migration is to set vncserver_listen to 0.0.0.0 as recommended in:

http://docs.openstack.org/havana/config-reference/content/configuring-openstack-compute-basics.html#section_configuring-compute-migrations

which is a suboptimal solution from security standpoint.

Tags: libvirt
Revision history for this message
wangpan (hzwangpan) wrote :

you may config vncserver_listen=127.0.0.1 to solve this issue.

Revision history for this message
Dmitry Borodaenko (angdraug) wrote :

vncserver_listen=127.0.0.1 by itself is not sufficient, you have to have something running on all compute nodes and forwarding vnc connections from the management network to local loopback. It is a way to make things work, but it's even less efficient than setting vncserver_listen=0.0.0.0 and firewalling off non-management networks with iptables. Fixing this in Nova would allow to get rid of such unnecessarily complex workarounds.

Revision history for this message
Solly Ross (sross-7) wrote :

This is a duplicate of https://bugs.launchpad.net/nova/+bug/1279563.

Changed in nova:
status: New → Invalid
Revision history for this message
Dmitry Borodaenko (angdraug) wrote :

How is this a duplicate of a bug that was raised 2 months after this bug was raised?

Changed in nova:
status: Invalid → In Progress
Revision history for this message
Solly Ross (sross-7) wrote :

I apologize. I just got the order of the bugs wrong. One is a duplicate of the other. I didn't notice that this was created earlier.

Changed in nova:
assignee: nobody → Solly Ross (sross-7)
importance: Undecided → High
Revision history for this message
Dmitry Borodaenko (angdraug) wrote :

No problem, thanks for picking this up!

Revision history for this message
Sachi King (nakato) wrote :

Work on the patch was linked against the duplicate bug, the status of this is now "fix committed".

As such I'm going to update the status to that here.

https://bugs.launchpad.net/nova/+bug/1279563

Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
milestone: none → juno-3
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: juno-3 → 2014.2
Revision history for this message
hpcre (hpcre1) wrote :

Does this last update mean the fix has been committed to Juno release. Or not yet ?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.