live_migration_uri to live_migration_scheme SSH settings

Bug #1671288 reported by Logan V on 2017-03-09
This bug affects 6 people
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Takashi Kajinami

Bug Description

I saw in the Ocata release notes that live_migration_uri is deprecated, and there is mention of a new setting called live_migration_scheme. However, the new config option live_migration_scheme does not appear in the ocata configuration reference[1].

I am also curious how the live_migration_scheme setting could be used to configure a migration URI similar to "qemu+ssh://nova@%s/system?no_verify=1&keyfile=/var/lib/nova/.ssh/id_rsa" [2] as it seems to only allow setting the scheme to qemu+ssh, but may not offer the ability to configure the ssh settings like the key location and verification.


Andrey Volkov (avolkov) wrote :

live_migration_uri is deprecated for removal in favor of two other options that
allow to change live migration scheme and target URI: ``live_migration_scheme``
and ``live_migration_inbound_addr`` respectively.

It looks like config-reference is not updated.

Changed in nova:
status: New → Confirmed
Logan V (loganv) wrote :

The point I have is less about the documentation not being updated.

I don't think live_migration_uri should be deprecated at all. It breaks my live migration scenario and without it, there's no way to configure nova the way I need for migrations to work.

There are a lot of other valid configurations that require specification of libvirt URI options. Just take a look thru

György Szombathelyi (gyurco) wrote :

I agree, we're using
live_migration_uri = qemu+ssh://nova@%s/system?keyfile=/var/lib/nova/.ssh/id_rsa&no_tty=1&no_verify=1

How can it be expressed with the new options?

tags: added: doc
Andrey Volkov (avolkov) wrote :

@loganv, @gyurco the change was made in that patch series
and first started with adding live_migration_inbound_addr in

I didn't know about the case with qemu+ssh you proposed.
An inconvenient workaround here is to use ~/.ssh/config for additional options, though it's per host.

Possibly, @johngarbutt, @stephenfinucane could add some details.

Andrey Volkov (avolkov) on 2017-03-17
tags: added: live-migration
Oliver Walsh (owalsh) wrote :

Expect we will need an option for each component documented here:

Oliver Walsh (owalsh) wrote :

^H^H^H didn't spot the previous like to which appears to be more complete list of options

John Garbutt (johngarbutt) wrote :

The real need here is having a single key setup for migration and live-migration. The problem is the current configuration options (if you ignore the deprecated ones) don't seem to help do that.

John Garbutt (johngarbutt) wrote :

Due to the URI config being hard to used due to bugs like this:

Its tempting to add a new configuration to let to specify these SSH configuration settings. They would get ignored if the scheme != ssh.

I think we should note in the description that this is a way to share the ssh key between migrate and live-migration. I would say thats a really useful use case here.

Oliver Walsh (owalsh) wrote :

Something like this may work:

And add a new option:

Oliver Walsh (owalsh) wrote :


Logan V (loganv) wrote :

@Oliver theres a big problem with that, live_migration_inbound_addr is not templated afaik so any time you would like to specify a non standard user or port for your migration config, you lose the ability to dynamically populate the host for each specific nova-compute instance. You'll have to statically populate it on every single config based on some other discovery mechanism.

For me that is a pretty big regression from the current capabilities offered by live_migration_uri.

Oliver Walsh (owalsh) wrote :

@loganv hmm, indeed. We need new options for user and port.

Changed in nova:
assignee: nobody → Stephen Finucane (stephenfinucane)

Fix proposed to branch: master

Changed in nova:
status: Confirmed → In Progress
XiaoRuiguo (705437650-6) wrote :

openssh8.0p1 can not support.

Changed in nova:
assignee: Stephen Finucane (stephenfinucane) → Takashi Kajinami (kajinamit)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers